Home Privacy Policy

Privacy Policy regarding the Processing of Order Data

 

§ 1 Object of the contract

The object of this contract is to ensure that privacy regulations are observed by VERA Software GmbH. Order-related data are processed under the software license purchase agreement between the parties.

§ 2 Policy

1) VERA Software GmbH promises to ensure the confidentiality of the client's data. It promises in particular to observe the current version of all of the provisions relating to data protection and data processing, and will continuously monitor the observance of the relevant provisions.

2) VERA Software GmbH will exclusively use the disclosed data provided by the client for the individual order as delineated by this contract to perform the entrusted tasks. Any processing and use of the client's data for other purposes is expressly forbidden.

3) VERA Software GmbH must protect the client's data from unauthorized access by undertaking appropriate technical and organizational measures. This includes in particular protection against unauthorized or accidental destruction, accidental loss, technical errors, adulteration, theft, illegal use, unauthorized changes, copying, access and all other types of unauthorized processing. Upon request, VERA Software GmbH will provide proof to the client that the corresponding measures are being pursued. VERA Software GmbH will protect data carriers that are to be deleted, processed or archived from unauthorized access and loss, including during transport.

4) VERA Software GmbH promises to regularly keep to the client informed about the assigned tasks, and to provide immediate notification when data processing errors or irregularities are identified and coordinate the subsequent strategy with VERA Software GmbH. 5) VERA Software GmbH states that it has appointed an authorized privacy officer in writing. The privacy officer is responsible for observing the regulations of the BDSG (Federal Data Protection Act) and other privacy regulations in the context of the contractual relationship maintained by VERA Software GmbH. 6) All of the aforementioned rights and duties shall continue for a minimum period of two years after the individual order is concluded starting with the expiration of the calendar year in which the contract is terminated. All relevant documents must also remain accessible for this period.

§ 3 Details to be regulated in the order

In the eventuality that VERA Software GmbH will come into contact with the client's personal data, the individual order will document the object and term of the order as well as the technical and organizational measures stipulated by § 9 BDSG including the Annex, as well as the procedures for reporting, deleting and blocking data.

§ 4 Personal data

In the event that VERA Software GmbH processes personal data while rendering the services listed in this contract, the data will be processed as order data for the client pursuant to § 11 BDSG.

§ 5 Data processing

When processing data, that is, when saving, changing, transmitting, blocking and/or deleting data, VERA Software GmbH is obligated pursuant to § 11 BDSG to exclusively fallow the client's instructions. The instructions must be in writing. Without instructions, VERA Software GmbH may not process the provided data for its own purposes or for the purposes of third parties.

§ 6 Responsibilities

VERA Software GmbH is solely responsible for ensuring that the data is reliably processed and used according to the provisions of the BDSG, the German Law on Telecommunications (TKG) and/or other relevant privacy provisions, and for protecting the rights of all participants.

§ 7 Problems

VERA Software GmbH must immediately inform the client in the case of problems, suspected privacy violations and other irregularities that arise when processing the data.

§ 8 Monitoring

1) The client is entitled to monitor the fulfillment of the provisions of the BDSG, TKG and/or other relevant privacy provisions, including the measures undertaken to ensure privacy. This review may occur during normal business hours at the contractor's business facilities after prior notification within a reasonable period of notice. The client is entitled to inspect the documents and data carriers maintained by the contractor that relate to the data provided by VERA Software GmbH and/or the client. The inspection will be performed exclusively by the client's company privacy officer. Should the privacy officer become privy to information relating to VERA Software GmbH during his audit that exceeds the information necessary to perform to this duties, he is also obligated to maintain confidentiality toward the client of VERA Software GmbH.

2) Should the contractor and/or its client need to be granted access to personal data or confidential company data to provide services outside of the facilities of VERA Software GmbH, the client is entitled to determine at any time if the data is being handled properly as required.

§ 9 New requirements

If new legal requirements make it necessary to amend these provisions relating to privacy, the parties will immediately reach an agreement to ensure that the legal requirements are satisfied.

§ 10 Rights to data

VERA Software GmbH does not accrue any rights to the client's data saved while performing individual contracts, especially personal third-party data.

§ 11 Use of data

VERA Software GmbH will process and use the personal data that it acquires to process exclusively to fulfill its obligations arising from the individual contract as pursuant to BDSG and TKG.

§ 12 Employees

VERA Software GmbH will only use employees and subcontractors who are bound to maintain at a minimum the level of confidentiality defined within this agreement, and whose obligations will extend beyond the conclusion of their activities for the contractor and this project contract.

§ 13 Owner of data

The client will remain the owner of the data both contractually and as defined by privacy law. The client remains the sole arbiter of if, and to what extent, third parties will enter and access data. To the extent that these third parties permit the use of data, the client will make arrangements for authorization, issue a password, etc. and notify VERA Software GmbH. The client is also considered the order at all times of this information and any data relating to the access of authorized persons and the prevention of access by unauthorized persons.

§ 14 Divulgence of data

As the party solely authorized to dispose of the data, the client is entitled at all times during the contractual relationship to request in writing that parts or all of the data be divulged, in particular the most recent backup, and is also responsible for bearing the associated costs.

§ 15 Termination of the right of used

1) Upon termination of the contractual relationship, VERA Software GmbH is no longer authorized to use the data. The data will be handed over in a conventional format. VERA Software GmbH will then immediately delete the remaining copies of the data and demonstrate to the client upon request that this has been done, providing that deletion is not prohibited by law. In this case, the authorization to inspect and monitor that is regulated in this contract will continue.

2) Whatever the reason for the termination of the contractual relationship between the parties, VERA Software GmbH is not entitled to retain the data or documents.

§ 16 Data security

1) In its function as a processor of order data, VERA Software GmbH is responsible pursuant to § 11 BDSG for undertaking the relevant technical and organizational safety measures agreed upon with the client and stipulated by § 9 BDSG, including the annexes to § 9 BDSG. This obligation of the contractor relates in particular to logical and physical data security.

2) When the parties use software within the scope of their responsibilities, they promised to undertake appropriate measures such as employing sufficiently qualified personnel or observing specific procedures to ensure that the software is properly used. And they also promised to follow the recognized principles of proper data processing, provided appropriate virus protection and backups, and undertake within the scope of the responsibilities all standard, state-of-the-art IT measures relevant to the current context.

3) No longer required testing materials and scrap that arises during the performance of this contract for which the contractor is responsible will be destroyed by the contractor while observing the necessary safety measures.

4) The parties promise to not assign or disclose to any unauthorized parties the access rights for using the systems of the other party.

5) VERA Software GmbH is forbidden to use data from testing, acceptance and production outside of the bounds of this contract. To ensure data protection and security, the parties agree to strictly separate testing, acceptance and production data. Original data defined as personal data pursuant to the BDSG may only be used in test environments after being altered so that it cannot be assigned to individuals or identifiable persons.


Go back

Your experience on this site will be improved by allowing cookies - read more.