Contract on Data Processing

Contract on Data Processing
according to Art. 28 General Data Protection Regulation (GDPR)

1. Subject-matter and Duration of the Processing

Subject-matter and duration of the processing result from the contract concluded between the parties (hereinafter referred to as "Main Contract").

2. Nature and Purpose of the Processing

2.1. The purpose of the processor is to provide the controller with a platform for the management of his vineyard operation. For this purpose, information on all operational resources (in particular employees, resources such as equipment, etc. and the managed area) of the controller is processed on the platform. This serves the efficient administration of the controller's operations and resource management.

2.2. In order to simplify the login procedure for users, the Processor offers a user platform in parallel with the contractual processing of Client Data, for which the Processor is the Controller within the meaning of Art. 4 No. 7 of the GDPR . This platform serves to simplify the registration process for the User by means of a central login function. In doing so, the User has the option of sharing his centrally stored data with one or more companies that use the Contractor's services and transmitting it to the latter. For this purpose, the Principal has the optional possibility to generate an invitation for each user (e.g. employee, contractor) with an individual code or token, which, however, does not contain any personal characteristics. If the user wants to transmit his centrally stored data to the company, he only has to enter the code or token provided to him on the user platform. A copy of the data record previously stored exclusively on the user platform is then transmitted to the Principals account at the Processor and processed there.

3. Types of Personal Data

3.1. The following types of data are the subject of this contract:

4. Categories of Data Subjects

4.1. In the course of Performance of the contract, the Processor processes personal data of the following categories of persons:

5. Subject-matter of the Contract

5.1. Within the scope of the provision of services according to the main contract, it is necessary that the Processor handles personal data of third parties for which the Controller acts as the responsible party in the sense of the data protection regulations (hereinafter referred to as "Controller-Data"). This Agreement specifies the rights and obligations of the parties with regard to data protection legislation arising from the handling of Controller-Data by the Processor for the purpose of performing the main agreement.

6. Scope of the commissioning

6.1. The Processor shall process the Controller-Data on behalf and in accordance with the instructions of the Controller within the meaning of Art. 28 GDPR (Processing on Behalf). The Controller remains the controller in terms of data protection law.

6.2. The Processor reserves the right to anonymize or aggregate the Controller-Data in such a way that it is no longer possible to identify individual data subjects, and to use them in this form for the purpose of needs-based designing, developing and optimizing as well as rendering of the services agreed as per the Main Agreement. The parties agree that anonymized and according to the above requirement aggregated Controller-Data are not considered Controller-Data for the purposes of this agreement.

6.3. The Processor may process and use the Controller-Data for his own purposes as controller to the extent legally permitted by data protection law, if permitted by a statutory permission or consent by the data subject. This Agreement does not apply to such data processing.

6.4. The processing of Controller-Data by the Processor shall in principle take place inside the European Union or another contracting state of the European Economic Area (EEA). The Processor is nevertheless permitted to process Controller-Data in accordance with the provisions of this agreement outside the EEA if he informs the Controller in advance about the place of data processing and if the requirements of Art. 44 to 48 GDPR are fulfilled or if an exception according to Art. 49 GDPR applies.

7. Right of the Controller to issue instructions

7.1. The Processor processes the Controller-Data in accordance with the instructions of the Controller, unless the Processor is legally required to do otherwise. In the latter case, the Processor shall inform the Controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest.

7.2. The instructions of the Controller are in principle conclusively stipulated and documented in the provisions of this agreement. Individual instructions which deviate from the stipulations of this agreement or which impose additional requirements shall require the Processor's consent and shall be made in accordance with the change request procedure laid down in the Main Agreement, in which the instruction shall be documented and any additional costs incurred by the Processor as a result thereof shall be borne by the Controller.

7.3. The Processor shall ensure that the Controller-Data is processed in accordance with the instructions given by the Controller. If the Processor is of the opinion that an instruction given by the Controller infringes this agreement or applicable data protection law, he is after correspondingly informing the Controller entitled to suspend the execution of the instruction until the Controller confirms the instruction. The parties agree that the sole responsibility for the processing of the Controller-Data in accordance with the instructions lies with the Controller.

7.4. If it is deemed unacceptable to the Processor to carry out an instruction of the Controller, the Processor shall be entitled to terminate the main agreement and this agreement by extraordinary notice.

8. Legal Responsibility of the Controller

8.1. The Controller is solely responsible for the permissibility of the processing of the Controller-Data and for safeguarding the rights of data subjects in the relationship between the parties. Should third parties assert claims against the Processor based on the processing of Controller-Data in accordance with this agreement, the Controller shall indemnify the Processor from all such claims upon first request.

8.2. The Controller is responsible to provide the Processor with the Controller-Data in time for the rendering of services according to the Main Agreement and he is responsible for the quality of the Controller-Data. The Controller shall inform the Processor immediately and completely if during the examination of the of the Processor's results he finds errors or irregularities with regard to data protection provisions or his instructions.

8.3. On request, the Controller shall provide the Processor with the information specified in Art. 30 para. 2 GDPR, insofar as it is not available to the Processor himself.

8.4. If the Processor is required to provide information to a governmental body or person on the processing of Controller-Data or to cooperate with these bodies in any other way, the Controller is obliged at first request to assist the Processor in providing such information and in fulfilling other cooperation obligations.

9. Requirements for personnel and systems

9.1. The Processor shall commit all persons engaged in processing Controller-Data to confidentiality with respect to the processing of Controller-Data.

10. Security of processing

10.1. The Processor takes according to Art. 32 GDPR necessary, appropriate technical and organizational measures, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the Controller-Data, as well as the different likelihood and severity of the risk to the rights and freedoms of the data subjects, in order to ensure a level of protection of Controller-Data appropriate to the risk. The technical organizational measures of the Processor used at the time of conclusion of the contract are described in Annex 2.

10.2. The Processor shall have the right to modify technical and organizational measures during the term of the agreement, as long as they continue to comply with the statutory requirements.

11. Engagement of further processors

11.1. The Controller grants the Processor the general authorization to engage further processors with regard to the processing of Controller-Data. Further processors consulted at the time of conclusion of the agreement result from Annex 1. In general, no authorization is required for contractual relationships with service providers that are concerned with the examination or maintenance of data processing procedures or systems by third parties or that involve other additional services, even if access to Controller-Data cannot be excluded, as long as the Processor takes reasonable steps to protect the confidentiality of the Controller-Data.

11.2. The Processor shall notify the Controller of any intended changes in relation to the consultation or replacement of further processors. In individual cases, the Controller has the right to object to the engagement of a potential further processor. An objection may only be raised by the Controller for important reasons which have to be proven to the Processor. Insofar as the Controller does not object within 14 days after receipt of the notification, his right to object to the corresponding engagement lapses. If the Controller objects, the Processor is entitled to terminate the Main Agreement and this agreement with a notice period of 3 months.

11.3. The agreement between the Processor and the further processor must impose the same obligations on the latter as those incumbent upon the Processor under this agreement. The parties agree that this requirement is fulfilled if the contract has a level of protection corresponding to this agreement, respectively if the obligations laid down in Art. 28 para. 3 GDPR are imposed on the further processor.

11.4. Subject to compliance with the requirements of Section 6.4 of this agreement, the provisions of this Section 7 shall also apply if a further processor in a third country is involved. The Controller hereby authorizes the Processor to conclude an agreement with another processor on behalf of the Controller based on the standard contractual clauses for the transfer of personal data to processors in third countries pursuant to the decision of the European Commission of February 5th in 2010. The Controller declares his willingness to cooperate in fulfilling the requirements of Art. 49 GDPR to the extent necessary.

12. Engagement of Third Parties

12.1. In order for the Processor to perform its services properly, it is necessary to involve third parties in the data processing. For this reason, the Processor works together with Mapbox to display the operating areas of the Controller and to display position data in maps. Each time a map is accessed, the content is downloaded from the servers of Mapbox Inc (Mapbox Inc., 1509 16th St NW, Second Floor, Washington, DC 20036) to the accessing device. In doing so, Mapbox processes the IP address of the end user and acts as an independent responsible party within the meaning of the GDPR. The Controller agrees to the above described transfer of Controller Data to third parties and instructs the Processor accordingly.

13. Data subjects' rights

13.1. The Processor shall support the Controller within reason by virtue of technical and organizational measures in fulfilling the latter's obligation to respond to requests for exercising data subjects' rights.

13.2. As far as a data subject submits a request for the exercise of his rights directly to the Processor, the Processor will forward this request to the Controller in a timely manner.

13.3. The Processor shall inform the Controller of any information relating to the stored Controller-Data, about the recipients of Controller-Data to which the Processor shall disclose it in accordance with the instruction and about the purpose of storage, as far as the Controller does not have this information at his disposal and as far as he is not able to collect it himself.

13.4. The Processor shall, within the bounds of what is reasonable and necessary, against reimbursement of the expenses and costs incurred by the Processor as a result of this and to be proven enable the Controller to correct, delete or restrict the further processing of Controller-Data, or at the instruction of the Controller correct, block or restrict further processing himself, if and to the extent that this is impossible for the Controller.

13.5. Insofar as the data subject has a right of data portability vis-à-vis the Controller in respect of the Controller-Data pursuant to Art. 20 GDPR, the Processor shall support the Controller within the bounds of what is reasonable and necessary in return for reimbursement of the expenses and costs incurred by the Processor as a result of this and to be proven in handing over the Controller-Data in a structured, commonly used and machine-readable format, if the Controller is unable to obtain the data elsewhere.

14. Notification and support obligations of the Processor

14.1. Insofar as the Controller is subject to a statutory notification obligation due to a breach of the security of Controller-Data (in particular pursuant to Art. 33, 34 GDPR), the Processor shall inform the Controller in a timely manner of any reportable events in his area of responsibility. The Processor shall assist the Controller in fulfilling the notification obligations at the latter's request to the extent reasonable and necessary in return for reimbursement of the expenses and costs incurred by the Processor as a result thereof and to be proven.

14.2. The Processor shall assist the Controller to the extent reasonable and necessary in return for reimbursement of the expenses and costs incurred by the Processor as a result thereof and to be proven with data protection impact assessments to be carried out by the Controller and, if necessary, subsequent consultations with the supervisory authority pursuant to Art. 35, 36 GDPR.

15. Deletion and return of Controller-Data

15.1. The Processor shall delete the Controller-Data upon termination of this agreement, unless the Processor is obligated by law to further store the Controller-Data.

15.2. The Processor may keep documentations, which serve as evidence of the orderly and accurate processing of Controller-Data, also after the termination of the agreement.

16. Evidence and audits

16.1. The Processor shall provide the Controller, at the latter's request, with all information required and available to the Processor to prove compliance with his obligations under this agreement.

16.2. The Controller shall be entitled to audit the Processor with regard to compliance with the provisions of this agreement, in particular the implementation of the technical and organizational measures; including inspections.

16.3. In order to carry out inspections in accordance with Section 16.2 the Controller is entitled to access the business premises of the Processor in which Controller-Data is processed within the usual business hours (Mondays to Fridays from 10 a.m. to 6 p.m.) after timely advance notification in accordance with Section 16.5 at his own expense, without disruption of the course of business and under strict secrecy of the Processor's business and trade secrets.

16.4. The Processor is entitled, at his own discretion and taking into account the legal obligations of the Controller, not to disclose information which is sensitive with regard to the Processor's business or if the Processor would be in breach of statutory or other contractual provisions as a result of its disclosure. The Controller is not entitled to get access to data or information about the Processor's other customers, cost information, quality control and contract management reports, or any other confidential data of the Processor that is not directly relevant for the agreed audit purposes.

16.5. The Controller shall inform the Processor in good time (usually at least two weeks in advance) of all circumstances relation to the performance of the audit. The Controller may carry out one audit per calendar year. Further audits are carried out against reimbursement of the costs and after consultation with the Processor.

16.6. If the Controller commissions a third party to carry out the audit, the Controller shall obligate the third party in writing the same way as the Controller is obliged vis-à-vis the Processor according to this Section 16 of this agreement. In addition, the Controller shall obligate the third party to maintain secrecy and confidentiality, unless the third party is subject to a professional obligation of secrecy. At the request of the Processor, the Controller shall immediately submit to him the commitment agreements with the third party. The Controller may not commission any of the Processor's competitors to carry out the audit.

16.7. At the discretion of the Processor, proof of compliance with the obligations under this agreement may be provided, instead of an inspection, by submitting an appropriate, current opinion or report from an independent authority (e.g. auditor, audit department, data protection officer, IT security department, data protection auditors or quality auditors) or a suitable certification by IT security or data protection audit – e.g. according to BSI-Grundschutz – ("audit report"), if the audit report makes it possible for the Controller in an appropriate manner to convince himself of compliance with the contractual obligations.

17. Contract term and termination

17.1. The term and termination of this agreement shall be governed by the term and termination provisions of the Main Agreement. A termination of the Main Agreement automatically results in a cancellation of this agreement. An isolated termination of this contract is excluded.

18. Liability

18.1. The Processor's liability under this agreement shall be governed by the disclaimers and limitations of liability provided for in the Main Agreement. As far as third parties assert claims against the Processor which are caused by the Controller's culpable breach of this agreement or one of his obligations as the controller in terms of data protection law affecting him, the Controller shall upon first request indemnify and hold the Processor harmless from these claims.

18.2. The Controller undertakes to indemnify the Processor upon first request against all possible fines imposed on the Processor corresponding to the Controller's part of responsibility for the infringement sanctioned by the fine.

19. Final provisions

19.1. In case individual provisions of this agreement are ineffective or become ineffective or contain a gap, the remaining provisions shall remain unaffected. The parties undertake to replace the ineffective provision by a legally permissible provision which comes closest to the purpose of the ineffective provision and that thereby satisfies the requirements of Art. 28 GDPR .

19.2. In case of conflicts between this agreement and other arrangements between the parties, in particular the Main Agreement, the provisions of this agreement shall prevail.

Annex 1:
Further Processors

At the time of conclusion of the contract, the Processor uses the following further processors to provide its services:

Processor Purpose of Engagement Country of origin
Microsoft Ireland Operations Ltd.
One Microsoft Place
South County Business Park
Leopardstown
Dublin 18
Ireland
Use of the Azure cloud platform to host the service of the Processor Ireland Server location: Germany

Annex 2:
Technical and organizational measures
according to Art. 32 GDPR

At the time of conclusion of the contract, the Processor has implemented the following technical and organizational measures:

1. Organizational Controls

1.1. How is the implementation of data protection organized?
We operate a data protection management system, which is individually adapted to the data protection implications of our company due to our unique situation.

1.2. What organizational measures have been taken to ensure that the processing of personal data complies with the law?
Our employees are regularly trained in the careful handling of all data and, in cooperation with the management and the Data Protection Officer, are invited to introduce new protective measures at any time. As a matter of principle, every employee is also obliged to maintain confidentiality, which includes not only internal company data but also personal data.

1.3. In what form are employees trained with regard to the implementation of the technical and organizational measures in accordance with Article 32 GDPR?
Our employees are instructed in detail in new systems by the respective specialist in cooperation with the Data Protection Officer. At regular intervals or when there is an acute need for information, employees are made aware of current developments in data protection in face-to-face training courses.

1.4. How are the relevant processing operations documented in terms of admissibility under data protection law (e.g. Prior Checks / Data Protection Impact Assessment)?
We keep a detailed Record of processing activities, which provides an overview of all Data Processing Activities. Furthermore, we have a formal procedure for determining the impact of new Processing Activities or procedural changes regarding Data Protection Impact Assessments. If a relevance is determined, the employees are obliged to prepare such a Data Protection Impact Assessment in cooperation with our Data Protection Officer.

1.5. Procedures for periodic review, assessment and evaluation

1.5.1. Is a Data Protection Management in place?
Yes, see measures and structure of measures in points 1.2, 1.3 and 1.4.

1.5.2. Is there a reporting process for data breaches?
Yes, the initiation of a reporting process takes place via an e-mail to legal@moosle.com or internally. Depending on the type of notification, the Data Protection Officer will either carry out the follow-up actions himself or call in a technically specialized employee to carry them out. There are internal checklists for the different types of possible violations and for the determination of an actual violation.

1.5.3. Are there data protection friendly default settings?
Yes, in our opinion it is essential to guarantee our customers freedom in the extent of data collection. For this reason, we rely on a GDPR-compliant software solution ("Privacy by Design"), which is also configured by default so that only the minimum amount of personal data is collected ("Privacy by Default").

1.6. Information on Articles 15, 16, 17, 18, 20 GDPR

1.6.1. Is there a workflow for Art. 15 GDPR (Right of Information)?
Yes, a request for information is checked for several points before being answered. These include ensuring the identity of the applicant, the scope of the information and other points which are checked as a checklist. This workflow serves primarily to prevent the output of personal data to unauthorized persons.

1.6.2. Is there a workflow for Art. 16 GDPR (Right of Rectification)?
Yes, a request for rectification is checked for several points before being replied to. These include ensuring the identity of the applicant, the scope of the rectification and other points that are checked as a checklist. This workflow is primarily intended to prevent unauthorized persons from improperly modifying personal data.

1.6.3. Is there a workflow for Art. 17 GDPR (Right of Deletion)?
Yes, a request for deletion is checked for several points before being answered. These include ensuring the identity of the applicant, the scope of the deletion and other points that are checked as a checklist. This workflow serves primarily to prevent the improper deletion of personal data by unauthorized persons.

1.6.4. Is there a workflow for Art. 18 GDPR (Right to Limitation)?
Yes, a request for restriction is checked for several points before being answered. These include ensuring the identity of the applicant, the scope of the restriction and other points that are checked as a checklist. This workflow serves primarily to prevent the improper restriction of personal data by unauthorized persons.

1.6.5. Is there a workflow for Art. 19 GDPR (Right to Data Portability)?
Yes, a request for data portability is checked for several points before being answered. These include, among other things, ensuring the identity of the applicant, the necessary extent of data transfer and other points that are checked as a checklist. This workflow serves primarily to prevent the improper transmission of personal data by unauthorized persons.

2. Entrance Control Measures

2.1. How are the buildings where the processing takes place secured against unauthorized access?
We currently process data in two buildings that are currently equipped with a standard locking system. Since the data is not physically located in these buildings for the most part, we are currently dispensing with security personnel or other heavy security measures.

2.2. How are the premises/offices where the personal data are processed secured against unauthorized access?
The rooms where processing takes place are lockable. The room in which data to be processed can be physically stored is additionally provided with a grating in front of the window.

2.3. How are the hardware components themselves protected against misuse?
Most of the infrastructure is in the cloud, so it could not be stolen directly from us and in general theft is very unlikely / impossible, see the TOM of our subcontractors. Our own workstations are in lockable rooms and are additionally secured with a bitlocker code, so that all data media are encrypted in case of theft. At the end of work, the equipment is simply shut down and the rooms locked.

2.4. How are the implemented Entrance Control Measures checked for suitability?
The locking systems are regularly checked for function and the completeness of the keys stored and issued is regularly checked.

3. Access Control Measures

3.1. User administration

3.1.1. How is user account assignment done?
Currently only the two shareholders have user access. A procedure for the allocation of further accesses is therefore not necessary for the time being.

3.1.2. How is the validity of user accounts checked?
Due to the size of the company, the validity of user accesses is the same as the allocation of user accesses, see point 3.1.1.

3.1.3. How are user accounts (including application and approval procedures, change procedures) documented?
Currently, no access is granted besides the management. In the Moosle application, your account administrator can create accesses himself, switch them on and off and force the users to change their password. All users and their activation status are displayed in a practical overview, which is protected by the role system, directly in the application.

3.1.4. How do you ensure that
a) The allocation of administration accesses is limited to the necessary number?
b) These administrators are professionally and personally suitable?
c) External administrators, service or maintenance technicians are personally suitable?

The exclusive administration of all accesses by the managing directors ensures that the necessary number of administrative accesses is not exceeded and that each access is professionally and personally suitable. External administrators or service staff are not required, since the maintenance of the servers is the responsibility of our subcontractors.

3.2. Password Security

3.2.1. How is it achieved that passwords are only known to the respective user and not to unauthorized persons?
As a fundamental principle, there is a strict ban on the passing on of access. It is also in our business interest to be able to document the data processing of our employees on a personal basis. Furthermore, employees are instructed not to write down their passwords or to store them in any other way without encryption.

3.2.2. What are the complexity requirements for passwords?
The password must be at least 8 characters long, contain at least one number, one capital and one small letter. All characters are allowed.

3.2.3. How is it ensured that the user can or must change his password regularly?
When creating a new user access in the data processing systems, the administrator has no insight into the initial password assigned to the user. The user is forced to create a new, personal password on initial access. The user still has the option of changing his or her password at any time. The Moosle application follows the same scheme.

3.2.4. How is the administration of passwords done?
The passwords to data processing systems are stored and administered separately and securely by a password manager. In the Moosle application the administration runs as follows: When your administrator creates a user, he assigns a first password and tells the user this password. The user can now log in with company number, username and the first password. If the logon was successful, the user is prompted to change his password before continuing to the application. If he does not do so, he is logged off and cannot use the application until he has changed his password. Your administrator can request an employee to change his password at any time at the push of a button. In this case this must be done again immediately after login.

3.2.5. What measures are taken in the event of failed logon attempts to prevent unauthorized access?
All systems used for data processing use a so-called two-factor authentication, i.e. access from a foreign device is only possible after explicit confirmation via a second, independent authentication procedure.

3.2.6. What organizational measures are taken to prevent unauthorized access to personal data at the workplace?
All employees are instructed never to leave their PCs, tablets and other end devices unattended if contact with unauthorized persons cannot be ruled out. Even in cases where contact with unauthorized persons cannot be assumed, the devices will only be locked and if possible, monitored by an employee.

4. Data Access Control Measures

4.1. How is it ensured that roles / access authorizations are assigned according to requirements and limited in time?
In principle, roles / access authorizations are only assigned if it is considered sensible by both managing directors. Even then, the principle of temporal justification exists, i.e. if the basis for which the employee was granted a certain access authorization is no longer valid, this authorization is withdrawn.

4.2. How is the documentation of access authorizations done?
Currently, the two managing directors share the holistic administration rights, so documentation is not necessary.

4.3. How is it ensured that users do not misuse their access rights?
The access logs can be used to track the activities of the users. In addition, the data processing systems are regularly checked by both managing directors for abusive activities.

5. Separation Control Measures

5.1. What measures are taken to ensure the separation requirement, in particular with regard to the purpose of the personal data?
We store the data to be processed strictly separated in client-specific databases at our subcontractors. For security reasons, we also use separate test systems in our development work. A more detailed list of measures concerning the servers on which the data is stored can be found in the TOM of our subcontractors.

6. Transfer Control Measures

6.1. How do you ensure the integrity and confidentiality of personal data?
All data is encrypted by SSL during transmission and is then stored in a data bank / blob storage, which in turn can only be opened / viewed with special access data and an authentication in 2 steps.

6.2. Which encryption systems are used when transferring personal data?
All our mail traffic and other data transfers are exclusively encrypted. Mostly the encryption procedure is used, which is applied via SSL certificates.

6.3. How is the transfer of personal data documented?
In addition to access protocols for internal data transfers, there are clear lists of recipients in case of external transfers. This enables us to track who has had contact with personal data outside our subcontractors.

6.4. How is the unauthorized flow of personal data restricted by technical measures?
A user must have been authenticated and authorized to use the application and/or the interfaces. This is done through our login mechanism. This requires the company identification, a username and a password. Furthermore, the user must have been activated by the customer administrator. In addition to this, a role system is integrated, which limits the acquisition of data and the display of views depending on the authorization level. Thus, sensitive data cannot be viewed by normal employees. For further measures on database level we refer to the TOMs of our subcontractors.

6.5. Is there a control system that can detect an unauthorized leak of personal data?
Currently, the only way to find out which user / IP called which specific method is the server-side logbook. In order to ensure even better traceability in case of an emergency, this logging is constantly being intensified.

7. Input Control Measures

7.1. What measures are taken to trace who has accessed the applications, when and for how long?
The data processing systems have access logs that allow the activities of the users to be tracked.

7.2. How can it be traced which activities were carried out on the corresponding applications?
See point 7.1. Further, technical information about the exact protocol can be found in the TOM of our subcontractors.

8. Output Control Measures

8.1. What measures are taken to ensure that the processing of personal data by the staff in charge can only take place in accordance with the instructions of the controller?
All employees are required to sign a confidentiality agreement before using our systems, which, among other things, obliges them to maintain confidentiality and to process personal data appropriately. This also includes the deletion of all issued data after the end of the purpose of the task.

8.2. What measures are taken to ensure that subcontractors do not carry out unauthorized activities with the data provided?
We carefully select our subcontractors according to technical & organizational standards, experience reports of others and other internal preferences. Furthermore, these sub-contractors are also contractually obliged to handle personal data properly.

8.3. Are measures taken to ensure the deletion/blocking of personal data at the end of the storage period and are they technically implemented?
All databases are designed in such a way that we can remove the personal reference to each data record. The certainty that the subcontractor actually carries out this deletion / blocking and does not secretly create a copy of the data is based on our careful pre-selection and his contractual obligations towards us.

9. Availability Control Measures

9.1. Are organizational and technical measures taken to ensure the availability of data and systems as quickly as possible in the event of damage?
As already mentioned, most of the data processed within the framework of this Data Processing Agreement is held by our subcontractors. The measures taken by our subcontractors can be seen from their TOM. Data that we keep ourselves is secured independently of the power supply and is not essential for the system availability of our application.

9.2. How is it ensured that the data carriers are protected against elementary influences (fire, water, electromagnetic radiation, etc.)?
As already mentioned, most of the data processed within the framework of this Data Processing Agreement is held by our subcontractors. The measures taken by our subcontractors can be seen from their TOM. Data that we keep ourselves is regularly backed up and the backups are kept in a room protected by a fire alarm, where there are no water connections.

9.3. What protective measures are used to combat malicious programs and how is their topicality ensured?
Our system is completely protected against malware by our subcontractor Microsoft and their integrated protection measures, see their TOM. We use up-to-date anti-virus programs on workstations and generally do not store any data on our drives until the data medium has been checked. We also do this with data that we receive by mail / file-sharing, whereby these have usually already been checked by the transmitting system. Furthermore, we do not accept dubious file formats or unsolicited file transfers.

9.4. How is it ensured that data media that are no longer needed or defective are disposed of properly?
As already mentioned, most of the data processed within the framework of these GCU is held by our subcontractors. The measures taken by our subcontractors can be seen from their TOM. Data carriers on which data were stored which we ourselves will keep are destroyed after they have been taken out of service or become defective in such a way that data recovery is impossible using current technology.

9.5. How do you ensure restorability of failed systems?
In our processes we place strict requirements on the software with which personal data comes into contact. We select only the most modern and well supported software solutions, which, in conjunction with a strictly planned data backup, enables us to make any failed system quickly available again.