User Agreement

Preliminary note

The Trusted Carrier TC Platform (hereinafter: "TC Platform") is operated by Trusted Carrier GmbH & Co. KG, Breitenbachstraße 1, 60487 Frankfurt am Main, Germany (hereinafter: "Platform Operator") and is an electronic platform that develops and offers cloud-based value-added logistics services for various target industries in partnership with the Bundesverband Güterkraftverkehr Logistik und Entsorgung (BGL) e.V. (German Road Haulage Association).

By providing logistically relevant data and, in particular, validated quality data, the TC Platform offers logistical added value for (Industrial) Sites, Shippers, Transport Partners, Drivers and other users of commercial road haulage in order to improve the transparency and efficiency of cooperation for all parties involved along the entire supply chain (hereinafter: "Services").

This User Agreement governs all contractual relationships between the Platform Operator and the (industrial) site, shipper, transport partner, driver or other user of commercial road haulage (hereinafter: "User") unless otherwise agreed.

The Platform Operator offers Users to use the TC Platform and its Services. The use of the TC Platform is subject to the following license and terms and conditions (hereinafter: "User Agreement"). The use of the TC Platform and its Services by the User implies its consent to this User Agreement. More specific or individual contractual provisions shall take precedence over this User Agreement to the extent that they relate to the TC Platform and its Services. General Terms and Conditions of the User shall not apply.

Definitions

The term "(Industrial) Site" in the User Agreement refers to all companies that provide, coordinate or request the logistics service and use the services of the TC Platform.

The term "Shipper" in the user agreement refers to all companies that request the logistics service of the transport partners and drivers and use the data of the TC Platform.

In the User Agreement, "Transport Partners" are all companies that provide logistics services and upload their data to the TC Platform in order to make it available to shippers.

In the user agreement, "Drivers" are all natural persons who provide the logistics services of the transport partners, fulfill the transport order vis-à-vis the shipper and upload and use data onto the TC Platform.

1 Contents of the TC Platform

1.1 The TC Platform contains validated and non-validated company and personal data which are made available via web application or mobile application (Driver App Wallet) or via interface without the need for installation onto the TC Platform of the User. The platform operator reserves the right to constantly develop and design these further in the interests of all users. The information on the website is binding.

1.2 Typical data contents might be:
- Company profiles of Users
- Quality-assured master data of vehicles, vehicle components, equipment
- Driver master data and additional information
- further logistics master and transaction data, which serve the purpose of transparent and efficient processing of services

1.3 The prices for the services of the TC Platform are listed in the Price List valid at the time of use and can be viewed on the TC Platform.

1.4 Services in connection with the development and adaptation of the TC Platform and its Services to special needs of the User, advisory support in the selection, installation, commissioning, interface linking and use of the TC Platform and its Services as well as introduction and training of the User's personnel shall be provided by the Platform Operator upon request on the basis of a separate service agreement.

2 Right of use

2.1 Upon registration on the TC Platform, the User shall receive the necessary storage space in accordance with this User Agreement in order to process its company and personal data on the TC Platform and to use the corresponding Services. The type and scope of the data depends on the respective Service. Users are only permitted to use the data stored on the TC Platform for the purpose of using the corresponding Services. The platform provider guarantees the retrievability of the data within the scope of the use of the Services.

2.2 The Platform Operator shall provide the TC Platform free of viruses, malicious code, locks or other routines restricting use in a user-friendly form. The Platform Operator is obliged to inform the Users without undue delay after becoming aware of any material risks that may arise in connection with the use of the TC Platform for the Users' IT platform.

2.3 The Users are obliged to check the accuracy of the data to be entered and uploaded to the best of their knowledge and to keep the data up to date. Changes have to be made immediately on the TC Platform. The User shall remain the owner of all data transferred to the TC Platform.

2.4 The TC Platform shall undertake the quality assurance and control of parts of the transmitted data for validation and shall apply suitable processes and methods for this purpose. If errors are detected during validation on the TC Platform, the posting User will be informed immediately by the Platform Operator and requested to review and correct the data. After correction, the data is validated again. Only after successful and complete validation by the TC Platform will a data set be released for viewing and use by other Users.

2.5 Users can view their transmitted data on the TC Platform at any time and edit them if necessary. Data of other Users are only visible within the scope of the necessary use of the Services and consent to publication in accordance with this User Agreement. There is no further right to view data of third parties.

2.6 The Platform Operator may also use services of third parties to validate the transmitted data, provided that all obligations under the User Agreement, in particular the obligations under data protection law, are also contractually imposed on them.

2.7 In the event of data that is insufficient in terms of content or quality or that violates this User Agreement, the Platform Operator reserves the right to delete the data concerned. Contractually owed fees remain unaffected by this; there is no right of reimbursement.

2.8 The User agrees that the Platform Operator may duplicate, edit, supplement or delete the data of the TC Platform if this is necessary in the context of the validation of the data and does not affect its factual content.

3 Obligations of use

3.1 The User shall not use the TC Platform in a way that causes damage to persons or property, violates the right to privacy, intellectual property or other proprietary rights, or otherwise violates applicable laws or regulations.

3.2 The User undertakes to enable the Platform Operator, at the User's request, to verify the use of the TC Platform in accordance with this User Agreement, this applies in particular with regard to compliance with the agreed scope of use.

3.3 The User shall be responsible for the procurement and maintenance of the hardware, further programs and data processing systems required by it as well as the necessary services and connections to public telecommunications networks required for the connection to the TC Platform, the access to the TC Platform or any other use of the TC Platform. This applies in particular to their security. Any costs incurred in the aforementioned shall be borne by the User itself.

3.4 Furthermore, the User shall be responsible for compliance with the legal provisions applicable in connection with the use of the TC Platform as well as with this User Agreement. This applies in particular with regard to the authorized use by its employees, service providers and suppliers.

3.5 The User shall not use the TC Platform in a way that causes or may cause damage to the TC Platform and/or the IT systems or impairment of the availability or accessibility of the TC Platform and/or the IT systems.

3.6 The User shall inform the Platform Operator without undue delay of any irregularities while using the TC Platform as well as of any violations of this User Agreement.

4 License

4.1 The User shall receive a non-exclusive, non-transferable right to use the TC Platform for an unlimited period of time concurrently with the payment of the remuneration pursuant to clause 10 of this User Agreement. The license entitles the User to individual or group use of the TC Platform within the scope of this User Agreement. Any use beyond this shall require the prior written consent of the Platform Operator.

4.2 All other rights, in particular the ownership, the industrial rights and the copyright to the TC Platform shall remain reserved to the Platform Operator. Copying, reproducing or modifying the TC Platform is prohibited unless this is technically necessary for the intended use.

4.3 The User may not rent or otherwise sublicense its access to the TC Platform, publicly reproduce it (wirelessly or wired) or make it accessible or available to unauthorized third parties, whether for a fee or free of charge. The User shall take commercially reasonable measures to ensure that no unauthorized persons can gain access to the TC Platform with the User's access. If the User becomes aware of such access by third parties, the User shall inform the Platform Operator without undue delay.

4.4 In particular, the User may not make any changes and translations or further reproductions of the TC Platform, not even partially or temporarily, no matter of what kind and by what means. The printing of the program code also constitutes an unauthorized reproduction. Changes to which the Platform Operator cannot refuse consent in good faith (Section 39 (2) UrhG) are permitted.

4.5 References to copyrights or other industrial property rights on or in the TC Platform may not be changed, removed or otherwise made unrecognizable.

4.6 The User may not reverse engineer, decompile or disassemble the TC Platform. In all other respects §§ 69d, 69e UrhG (German Copyright Act) shall remain unaffected.

4.7 If the User uses the TC Platform to an extent which qualitatively or quantitatively exceeds the rights of use acquired by it, it undertakes to immediately acquire the rights of use necessary for the permitted use from the Platform Operator. Otherwise, the Platform Operator shall immediately assert the rights to which he is entitled.

4.8 The User may only use the name, trademark and/or logo of the Platform Operator in digital or printed form beyond the use of the TC Platform if the Platform Operator consents to such use in writing or in text form, whereby such consent may not be unreasonably withheld.

5 Conflicting property rights

5.1 The Platform Operator declares that it has either developed the TC Platform and its Services itself and that it is entitled to the corresponding property rights thereto, in particular the copyright, or that it has acquired the corresponding rights for use and distribution from the holder of the rights and that it is not aware of any conflicting rights at the time of conclusion of this User Agreement.

5.2 If third parties assert claims against the User due to infringement of property rights to which they are allegedly entitled, the User shall immediately inform the Platform Operator in writing of the claim raised.

6 Warranty

6.1 The Platform Operator warrants that the TC Platform has the agreed quality and is free from third party rights conflicting with the agreed use and has been created with due care and expertise. Insofar as the condition of the Services has not been adequately agreed, the Services shall be deemed to be free of material defects if they are suitable for the use presumed under this User Agreement or if they are suitable for ordinary use and in this respect have a condition that is customary for services of the same type. According to the current state of the art and the generally accepted safety rules of national authorities (e.g. BSI), the complete exclusion of software defects is not possible. Users therefore have no claim to the permanent retrievability of the data.

6.2 The TC Platform provided by the Platform Operator shall be deemed defective if the TC Platform, when used as intended, deviates from the warranted performance conditions of the Services as well as their applications and functions to such an extent that its suitability for the use agreed at the time of use is nullified or significantly reduced.

6.3 The Platform Operator undertakes to inform the Users without undue delay of any relevant defects of the TC Platform of which it becomes aware.

6.4 The Platform Operator shall correct reproducible defects of the TC Platform which impair the intended use not only insignificantly within a reasonable period of time. The error correction shall be made at the discretion of the Platform Operator, depending on the severity of the error, by means of a TC Platform update or by means of instructions on how to eliminate or circumvent the effects of the error.

6.5 The Platform Operator shall make available to the Users free of charge all subsequent program versions which include a defect removal of the TC Platform. The User shall be obliged to accept for use a subsequent TC Platform version made available to it by the Platform Operator as part of the defect correction, unless this leads to unreasonable usage problems for it.

6.6 The warranty shall not apply to defects which are due to the fact that the TC Platform is used by the User in a hardware and/or software environment which does not meet the requirements or contractual use of the TC Platform and for which the TC Platform has not been expressly released, or the User is otherwise responsible for the defect. With regard to expenses already incurred to remedy the defect, the Platform Operator shall have the right to charge the User for the actual costs incurred for analysis and correction of the defect according to time and material expenditure and at customary industry conditions.

6.7 If the User is an entrepreneur, he is obligated to check the TC Platform for obvious defects immediately after registration and to notify the Platform Operator of any existing defects in a documented manner without delay. Otherwise, a warranty for the aforementioned defects is expressly excluded. This also applies accordingly if such a defect becomes apparent later.

6.8 If a defect is not remedied in accordance with the above provisions, the User shall otherwise be entitled to assert further statutory rights. Sections 434f., 634f., 536f. BGB (German Civil Code) shall apply.

6.9 The User shall support the Platform Operator in identifying and eliminating defects to an appropriate and reasonable extent.

7 Availability

7.1 The TC Platform shall generally be made available 24 hours a day, seven days a week, in accordance with the current state of the art. The TC Platform shall be deemed available if it can be used at the gateway between the public Internet and the network of the hosting provider of the TC Platform.

7.2 The Platform Operator shall keep restrictions of the system availability as low as possible and inform all Users about restrictions in advance or in a timely manner, if possible.

7.3 The Platform Operator reserves the right to carry out maintenance and development work in order to ensure proper operation and to implement extensions or innovations and will announce corresponding "maintenance windows". Such impairments of availability due to "maintenance windows" shall not be considered as downtime.

7.4 If the Platform Operator cannot provide the services of the platform or cannot provide them completely for a short period of time, the claim to agreed fees shall not lapse.

7.5 In the event of unforeseen obstacles, such as operational disruptions, which cannot be averted by the Platform Operator despite reasonable care under the circumstances of the case, the Platform Operator shall be entitled to extend the delivery or retrieval time until the obstacle has been removed.

8 License fees

8.1 The agreed one-time, recurring or usage-based license fees shall be the remuneration for the intended use of the TC Platform for the agreed duration and in accordance with the provisions of this Agreement.

8.2 All prices are net prices exclusive of any applicable value added tax.

8.3 All license fees accruing with the use shall be paid to the account of the Platform Operator within 14 days from the date of invoice. Alternatively, the User may grant the platform operator a SEPA direct debit mandate. In this case, the Platform Operator shall collect the actually incurred license fees from the bank account deposited by the user every 14 days.

8.4 If the User is an entrepreneur and is in default of payment for another 10 days even after written notice, the Platform Operator may charge interest on arrears in addition to any other amount due at a rate of 3% of the outstanding amount per calendar week of default or part thereof, but not more than 10% per event of default.

8.5 A retention of payments or a set-off against the invoice amount is only permitted with counterclaims recognized in writing by the Platform Operator or legally established by a German court.

8.6 The Platform Operator reserves the right to adjust the license fees on a regular basis. In the event of an adjustment of costs, the User shall be notified of the adjustment of costs in due time in advance. In the event of an increase in costs, the User shall have an extraordinary right to terminate this User Agreement. The termination must be made within four weeks after notification. The period of notice is 30 days. Within the period of notice, license fees shall remain unchanged.

9 Confidentiality

9.1 The TC Platform and its Services contain
- Information that has been marked as "confidential";
- personal data;
- company-related data which, due to the circumstances of its disclosure or due to the nature of its content, may be designated as confidential
(hereinafter: Confidential Information).

9.2 The User undertakes to treat Confidential Information with the same care and confidentiality as its own confidential information, to use it only for the intended use defined in this User Agreement and to the extent necessary for this purpose, and not to make it available to third parties not authorized by the User, subject to prior written consent by the Platform Operator, in any manner or form, either in whole or in part, or to publish it.

9.3 The User shall ensure by appropriate instructions, agreements and other suitable precautions that all persons who have access to Confidential Information comply with the obligations of clause 9 of this User Agreement.

9.4 The User shall take the necessary organizational and technical measures to protect Confidential Information from unauthorized disclosure, access, theft or misuse. This applies in particular to the User's access data to the TC Platform.

9.5 The User shall ensure that persons authorized by it within the meaning of this Agreement are excluded from access to the platform after expiry of the necessary authorization or after their departure or at the time of termination of this User Agreement.

9.6 The Platform Operator on its part undertakes to treat Confidential Information of the Users as confidential and to use it only for the performance of the Services related to the TC Platform. This applies in particular with regard to the data transmitted by the User.

9.7 The Platform Operator shall take appropriate technical and organizational measures to ensure that access to Confidential Information by unauthorized third parties is excluded. This applies in particular to the protection of access data (user ID, password, etc.).

9.8 Information and data required for the unrestricted operation of the TC Platform and the provision of the Services shall also be treated confidentially if they are made available to other users of the TC Platform to the extent described in this User Agreement.

10 Data protection

10.1 The Platform Operator hereby recognizes the importance of the protection of personal data as well as privacy and agrees to comply with all applicable laws and regulations on the protection of personal data in the performance of its obligations under this User Agreement.

10.2 The Platform Operator points out that by entering data on the TC Platform personal data may be collected and made available to other Users for the performance of the Services to the extent necessary.

10.3 The User is aware of its obligation that all personal data of such persons who have not consented to the storage and processing of their data for the purpose of using the TC Platform and its Services or to whose processing the User is not otherwise entitled shall be made unrecognizable beforehand when uploading to the Platform.

10.4 In addition, the processing of data in connection with the use of the TC Platform shall be governed by the Privacy Policy valid at the time of use of the TC Platform and incorporated in this User Agreement, with which the User agrees by using the TC Platform.

10.5 If personal data of the User as data controller is processed, the User agrees to the Data Processing Agreement (DPA) valid at the time of use of the TC Platform.

11 Liability

11.1 The platform operator shall not be liable for any damage caused to the User by any other use by the User not provided for by the TC Platform or this User Agreement.

11.2 The Platform Operator shall only be liable for damages incurred by the User in cases where the damage was caused intentionally or by gross negligence by its legal representatives, other employees or vicarious agents as well as shareholders. Apart from that, the platform operator is only liable for contract-typical and foreseeable damages caused by the violation of essential contractual obligations, the fulfillment of which makes the proper execution of the contract possible in the first place and on the compliance with which the User may regularly rely. Liability for the User's loss of profit, savings not made by the User or consequential damages is excluded.

11.3 No liability is assumed for damages due to force majeure. Damages due to force majeure are, in particular, damages incurred by the User as a result of temporary technical failures of parts of the Internet, attacks on the infrastructure of the system, industrial action or other external operational or service disruptions. Likewise, no liability shall be assumed for damages resulting from configuration problems caused by the User.

11.4 No liability shall be assumed for damages caused by maintenance work of the TC Platform and the related limited usability.

11.5 Liability for any claims in connection with the use of the Platform shall be limited to the license fee demonstrably paid by the User in the last three calendar months before the claim arose.

11.6 Nothing in this clause 11 or any other provision of this User Agreement shall limit or exclude any liability for breach of rights under clauses 4 (License), 9 (Confidentiality) and 10 (Privacy), for intentional or fraudulent act or omission, for death or personal injury caused by its negligence, or for any other liability that cannot otherwise be limited or excluded by applicable law.

12 Term & Termination

12.1 This User Agreement is valid for an indefinite period of time.

12.2 The User and the Platform Operator may terminate this User Agreement with one month's notice to the end of the following month. The termination must be in text form.

12.3 For all transactions initiated on the TC Platform prior to the effectiveness of the termination all rights and obligations of this Agreement shall apply until their completion.

12.4 The User and the Platform Operator shall also be entitled to terminate this User Agreement if the other party breaches a material obligation under this User Agreement and this breach is not remedied within 30 days after receipt of a notification of the breach in text form by the aggrieved party. This shall apply in particular if the User is at least 30 days in arrears with the payment of the license fees despite a reminder or if there is a breach of duty under clauses 4 (License), 9 (Confidentiality) or 10 (Data Protection).

12.5 In addition, the Platform Operator reserves the right to exclude the users responsible from using the platform with immediate effect in the event of misuse of the platform due to data that are insufficient in terms of content or quality. Contractually owed fees shall remain in effect, a claim for reimbursement shall not arise.

12.6 In case of termination of this User Agreement or other termination of the use of the TC Platform by the User, the User shall lose its right to access the TC Platform upon the effectiveness of the termination or cancellation.

12.7 In addition, upon termination of the User Agreement or other termination of the use of the TC Platform by the User, the Platform Operator shall be entitled to continue to use the transmitted data, subject to clause 9 of this User Agreement, provided that this serves the purpose of this User Agreement and is required by other contractual or legal obligations of the Platform Operator.

12.8 All provisions of this User Agreement which expressly or by their nature are intended to survive the termination thereof, including but not limited to clauses 4 (License), 9 (Confidentiality) and 10 (Data Protection), shall remain in full force and effect after termination until the obligations of this User Agreement have been fully performed or have expired independently.

13 Final provisions

13.1 This User Agreement, attachments, appendices, amendments and supplements as well as all ancillary agreements must be in text form in order to be valid.

13.2 This User Agreement or individual rights and obligations resulting from it may only be assigned or transferred to third parties with the prior written consent of the Platform Operator.

13.3 This User Agreement and all legal relationships between the Platform Operator and the Users shall be governed by the laws of the Federal Republic of Germany, excluding the UN Convention on Contracts for the International Sale of Goods. The exclusive place of jurisdiction for all disputes in connection with the use of the TC Platform shall be the registered office of the Platform Operator, unless otherwise provided by mandatory law.

13.4 If individual provisions of these agreements have not become part of this Agreement in whole or in part, or are invalid, unenforceable or void, or if a loophole should become apparent in this Agreement, the remainder of this Agreement shall remain valid. In addition, the statutory provisions shall apply. In the absence of a corresponding statutory provision, such provision shall be replaced by a provision which the parties would have made if they had considered this point from the outset; in doing so, the economic interests of both parties shall be taken into account in a reasonable and justifiable manner. The preceding sentence shall apply mutatis mutandis in the event of gaps in the provisions.

13.5 The Platform Operator reserves the right to amend this User Agreement. Changes shall be announced to the Users in text form by e-mail at least 30 days before they take effect. The amendments shall be deemed to have been agreed effectively unless the User objects in text form within 30 days of their announcement. The Platform Operator will inform the user of the possibility of objection and its consequences. In the event of an objection, the Platform Operator is entitled to exclude the user from using the Platform. Users of the Driver App Wallet are only entitled to continue using the same if they agree to the changes to the User Agreement displayed there.

Last update: 14.11.2023

----------------------------------------------

Data Protection Agreement (DPA)

Preamble

The Platform Operator provides the User with cloud-based value-added logistics services on its TC Platform. In providing its Services, the Platform Operator processes personal data as data processor for the User as data controller in accordance with the provisions of the User Agreement. Therefore, according to the legal provisions of the General Data Protection Regulation ("GDPR"), the conclusion of an agreement in accordance with Art. 28 sec. 3 in conjunction with sec. 4 sent. 1 GDPR of data processing (hereinafter "DPA") between the User and the Platform Operator is required. By using the TC Platform, the User agrees to this DPA.

1 Order

1.1 Subject matter and execution of the order

The type, scope and purpose of the processing of personal data result from the User Agreement. The term of the DPA corresponds to the term of the User Agreement.

The provision of the contractually agreed data processing shall only take place outside a member state of the European Union (EU) or another contracting state of the Agreement on the European Economic Area (EEA) if the special requirements of Art. 44f. GDPR are fulfilled.

1.2 Categories of data subjects and data

The following categories of data are processed:
Name, address, telephone directory and contact details (e.g. tel. no., e-mail address), date and place of birth, photos, video, vehicle registration number, process number, validity data of identity card and driver's license, and IP address.

The categories of data subjects affected by the processing include:
Users, employees, service providers and contact persons

2 Security of processing

2.1 Technical and organizational measures

The Platform Operator must establish security pursuant to Art. 28 sec. 3 lit. c, Art. 32 GDPR, in particular in connection with Art. 5 sec. 1, 2 GDPR. Overall, the measures to be taken are data security measures and measures to ensure a level of protection appropriate to the risk with regard to confidentiality, integrity, availability and the resilience of data processing systems.

The state of the art, the implementation costs and the nature, scope and purposes of the processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons within the meaning of Art. 32 sec. 1 GDPR shall be taken into account. The details of the fulfillment of these requirements are set out in Annex 1.

2.2 Alternative measures

The technical and organizational measures are subject to technical progress and further development. In this respect, the Platform Operator is permitted to implement alternative adequate measures. In doing so, the intended security level pursuant to Art. 28 GDPR must not be undercut. Significant changes must be documented by the Platform Operator.

The processing of data outside the regular place of business is only permitted with the consent of the User in individual cases, insofar as this involves the permanent physical storage of the User's data on data carriers in the private home. However, temporary intermediate storage through the use of mobile devices (e.g. laptops, tablet PCs, smartphones, etc.) is permissible, provided that the mobile devices have sufficient security facilities (e.g. VPN connection, hard disk encryption, etc.) that comply with recognized standards and are standardized in this agreement.

3 Data processing (correction, restriction and deletion of data)

The Platform Operator may only process personal data in accordance with Art. 29 GDPR. The Platform Operator may not correct, delete or restrict the processing of personal data of the User that is processed on behalf of the User on its own authorization, but only after documented instructions in accordance with Art. 29 GDPR in writing or in text form, insofar as no legal requirements oblige the Platform Operator to act independently in this regard.

The User shall ensure that its instructions comply with all laws, rules and regulations applicable in relation to the personal data and that the processing of personal data in accordance with the User's instructions does not result in the Platform Operator violating applicable data protection law.

4 Obligation of the Platform Operator

In addition to complying with the provisions of this DPA, the Platform Operator shall also comply with the statutory provisions and, in particular, the obligations pursuant to Art. 28 to Art. 33 GDPR.

The Platform Operator shall in particular ensure compliance with the following requirements:

5 Subcontracting relationships

5.1 Definitions

Subcontracting relationships within the meaning of this DPA shall be understood as those Services which directly relate to the provision of Services and for the provision of which third parties are assigned by the Platform Operator. This does not include ancillary Services which the Platform Operator uses, e.g. in the area of transport, debt collection, accounting, etc.

The Platform Operator is obligated to enter into appropriate and legally compliant contractual agreements and control measures to ensure data protection and data security of the User's data also in the case of outsourced ancillary Services and to contractually agree on these vis-à-vis third parties.

5.2 Use of subcontracted processors

The Platform Operator may engage subcontractors (further processors) pursuant to Art. 28 sec. 2, 4 GDPR, provided that they have been carefully selected and it is ensured at all times that the agreements reached between the User and the Platform Operator are complied with.

All contractual provisions agreed here in the contractual chain must also be imposed on further subcontractors. The technical and organizational measures of subcontractors are based on those defined in this DPA and may only fall below the described level in justified exceptional cases.

If the subcontractor provides the agreed Service at a place of performance outside the EU/EEA, the Platform Operator shall ensure admissibility under data protection law by taking appropriate measures, e.g. standard contractual clauses of the EU Commission within the meaning of Art. 46 sec. 2 lit. c GDPR in conjunction with further suitable guarantees pursuant to Art. 46 GDPR.

6 Support

The Platform Operator shall assist the User in complying with the personal data security obligations set out in Articles 32 to 36 GDPR, data breach notification obligations, data protection impact assessments and prior consultations.

These include, but are not limited to:

7 Control rights of the User

7.1 Rights

The Platform Operator shall ensure that the User can satisfy itself of the Platform Operator's compliance with its obligations according to Art. 28 GDPR. The Platform Operator undertakes to provide the User with the necessary information upon request and, in particular, to provide evidence of the implementation of the technical and organizational measures.

The control of data processing shall be carried out by providing self-disclosures in the form of process documentation, work instructions as well as written statements of the Platform Operator or the submission of test reports. In individual cases, the client has the right to satisfy itself by means of spot checks. The User may carry out such inspections after prior notification with a reasonable lead time during normal business hours and without disrupting operations. For enabling controls by the User, beyond the necessary extent, the Platform Operator may assert a claim for remuneration.

7.2 Verification by independent bodies

Proof can be provided by compliance with approved rules of conduct pursuant to Art. 40 GDPR; certification in accordance with an approved certification procedure pursuant to Art. 42 GDPR; current attestations, reports or report extracts from independent bodies (e.g. auditors, auditing, data protection officers, IT security department, data protection auditors, quality auditors); suitable certification by IT security or data protection audit (e.g. in accordance with BSI-Grundschutz, ISO 27001).

8 Deletion and return of personal data

Upon termination of the DPA at the latest, the Platform Operator shall hand over to the User all data made available to it for data processing, in particular documents, processing and usage results created, as well as data repositories related to the contractual relationship, or destroy or delete them in accordance with data protection regulations (in accordance with DIN 66399) and document the aforementioned. Backup copies, insofar as they are necessary to ensure proper data processing, as well as data that is required with regard to compliance with statutory retention obligations are excluded from this obligation.

9 Liability

The User and the Platform Operator shall be jointly and severally liable for the compensation of damages suffered by a data subject within the scope of the assignment in accordance with Art. 82 sec. 1 GDPR.

Pursuant to Art. 82 sec. 2 GDPR, the Platform Operator shall only be liable for such damages that the Platform Operator, its employees or the subcontractors assigned to perform the Services have demonstrably caused or if it has failed to comply with its legal obligations as a processor or has acted in disregard of or against the User's lawfully issued instructions.

DPA Annex 1 - Security of processing

1 Confidentiality (Art. 32 sec. 1 lit. b GDPR)

1.1 Entry control

Biometric access barriers; transponder locking system; manual locking system; security locks; server rooms specially secured; personnel control at reception; key & access management; careful selection of cleaning personnel; visitors are not allowed to move unaccompanied in company premises

1.2 Admission control

Authentication with User & password; anti-virus software; firewalls; automatic screen lock at workstations; VPN for remote access; encryption of data carriers (AWS); possibility of access-controlled remote maintenance; central smartphone administration software; management of User authorization; "Clean Desk" policy; policy on data protection and IT security; policy on the use of external data carriers; policy on the assignment of passwords; policy on the use of private mobile devices for business purposes and private devices for private purposes respectively business devices for private purposes; data processing agreement with all service providers who process personal data on behalf of the company; documentation of work instructions to ensure data security

1.3 Access control

Shredders and destruction of data media (min. security level 3, protection class 2 - DIN 66399); Physical deletion & overwriting of data carriers before they are reused; Logging of deletion & destruction of data (AWS); Logging of accesses to applications, especially when entering, changing and deleting data; Automated deletion of temporary data stores; Number of administrators reduced to the "bare minimum"; Unique assignments of accounts (AWS); Management of User rights by system administrators; Role and authorization concept

1.4 Separation control

Pseudonymization; separation of production and test system; multi-client capability of relevant applications (AWS); provision of data records with purpose attributes and data fields; logical client separation (software-side); definition of database rights

2 Integrity (Art. 32 sec. 1 lit. b GDPR)

2.1 Transfer control

Email encryption & signature; encrypted connections such as sftp and https as well as data containers; checksums to validate data; documentation of recipients of data and agreed retention and deletion periods

2.2 Input control

Logging of data entry as well as modification, and deletion (AWS); logging of User logins to data processing systems (AWS); versioning; traceability of data entry, modification, and deletion through individual user names (AWS); assignment of rights for data entry, modification, and deletion based on an authorization concept; logging of support tickets

3 Availability and resilience (Art. 32 sec. 1 lit. b GDPR)

3.1 Availability control

Smoking ban in business premises; fire and smoke alarm systems, especially server rooms; uninterruptible power supply (AWS); air conditioning in server rooms (AWS); data protection safe (S60DIS, S120DIS or similar - AWS); RAID system and hard disk mirroring; server connected to Internet via redundant line; alarm message in case of unauthorized access to server rooms (AWS); storage of data backup in a secure, outsourced location (AWS); regular backup with backup & recovery concept; IT emergency plan; regular test of data recovery; central hardware and software release; central update management for software

3.2 Load capacity control

Load balancing for central IT systems (AWS); IT systems with dynamically available storage & computing capacity; regular load testing of data processing systems (AWS); storage and computing capacities planned in advance and with security markups

4 Procedures for regular review, assessment and evaluation (Art. 32 sec. 1 lit. d, 25 sec. 1 GDPR)

4.1 Data protection management

Central documentation of all procedures and regulations on data protection with access options for employees; annual review of the effectiveness of technical protection measures (audit); regular training and sensitization of employees (at least annually); IT security officer; formalized process for responding to requests for information from data subjects; retention and deletion concept

4.2 Order control

Regulation on the use of sub-processors; Documentation of instructions; Ongoing review of the sub-processor and its activities; control rights vis-à-vis the sub-processor; Ensuring deletion & destruction of data after termination of the contract

4.3 Privacy-friendly default setting (Art. 25 sec. 2 GDPR)

Easy exercise of consent to data processing and revocation by the data subject through technical measures; limitation of the collection of data to that which is necessary for the specific purpose

Last update: 14.11.2023