Data Processing Agreement

Agreement on the Processing of Personal Data
on behalf of a Client in accordance with Art. 28 GDPR

between

${client}

- hereinafter referred to as the "Client" -

and
insight.out GmbH, Hertelsbrunnenring 22, 67657 Kaiserslautern, represented by the management

- hereinafter referred to as the "Contractor" -

Preamble

This agreement specifies the data protection obligations of the contracting parties arising from the use of the Contractor's "test.box" tool, the related subscription ("main contract") and the general terms and conditions. It applies to all activities related to the main contract in which employees of the Contractor or third parties commissioned by the Contractor may come into contact with personal data of the Client.

  1. Subject matter of the contract
    In the context of the performance of the main contract, it is necessary for the Contractor to handle personal data for which the Client acts as the controller within the meaning of data protection regulations (hereinafter referred to as "Client Data"). This contract specifies the data protection rights and obligations of the parties in connection with the Contractor's handling of Client Data for the performance of the main contract.
  2. Scope of the Contract
  3. Authority of the Client to Issue Instructions
  4. Responsibility of the Client
  5. Requirements for Personnel
    The Contractor must obligate all individuals who process Client Data to maintain confidentiality with respect to the processing of Client Data.
  6. Security of Processing
  7. Engaging Subprocessors
  8. Rights of data subjects
  9. Notification and support obligations of the contractor
  10. Data deletion
  11. Proof and Verification
  12. Duration of Contract and Termination
  13. Liability
  14. Final provisions

${signatures}
Attachments:
Attachment 1: Purpose, nature and scope of data processing, type of data and categories of data subjects
Attachment 2: Other processors
Attachment 3: Technical and organizational measures of the processor

Attachment 1: Purpose, nature and scope of data processing, type of data and categories of affected persons

Purpose of data processing: Provision of software services; entering customer and employee data of the client into the software solution for the purpose of using the software; processing and digitization of psychological assessments
Nature and scope of data processing: See main contract
Type of data:
  • Personal master data
  • Date of birth
  • Test data
  • Device information (e.g. model, version, browser)
  • Communication data (e.g. telephone, email)
  • Contract master data (contractual relationship, product or contractual interest)
  • Customer history
  • Contract billing and payment data
  • Planning and control data
Categories of affected persons:
  • Customers
  • Patients
  • Interested parties
  • Employees
  • Contact persons

Attachment 2: Other data processors

| Company, Address | Type of processing | Purpose | Type of data | Categories of affected persons |
|---|---|---|---|---|
| netcup GmbH, Daimlerstr. 25, 76185 Karlsruhe | Storage | Provision of the tool | see Attachment 1 | see Attachment 1 |
| Unzer E-Com GmbH, Vangerowstraße 18, 69115 Heidelberg | Payment processing | Settlement of invoice and payment transactions | Contract billing and payment data | Customers |
| Unzer Luxembourg S.A. Société anonyme, 1, Place du Marché, L-6755 Grevenmacher | Payment processing | Settlement of invoice and payment transactions | Contract billing and payment data | Customers |

Appendix 3: Technical and Organizational Measures of the Contractor

  1. Confidentiality (Art. 32 (1) (b) GDPR)
    1.1 Physical Access Control
    1.2 System Access Control
    1.3 Data Access Control
    1.4 Separation Control
    1.5 Pseudonymization
  2. Integrity (Art. 32 para. 1 lit. b GDPR)
    2.1 Disclosure Protocols
    2.2 Incoming Inspection
  3. Availability and resilience (Art. 32 para. 1 lit. b GDPR)
    3.1 Availability control
  4. Procedures for regular review, assessment and evaluation (Art. 32 para. 1 lit. d GDPR; Art. 25 para. 1 GDPR)
    4.1 Data protection measures
    4.2 Incident Response Management
    4.3 Data Protection by Design and Default
    4.4 Order control (outsourcing to third parties)
Updated on Aug 18, 2022