Data retention policy
(1) Data processing
The Processor shall process personal data exclusively in accordance with this Agreement and/or the underlying Principal Agreement and in accordance with the Controller’s instructions.
(2) Data subjects’ rights
a. The Processor shall, within its capabilities, assist the Controller in complying with the rights of data subjects, particularly with respect to rectification, restriction of processing, deletion of data, notification and information. If the Processor processes the personal data specified under Sect. 5 of this Agreement on behalf of the Controller and these data are the subject of a data portability request under Art. 20 GDPR, the Processor shall, upon request, make the dataset in question available to the Controller within a reasonably set time frame, otherwise within fourteen business days, in a structured, commonly used and machine-readable format.
b. If so instructed by the Controller, the Processor shall rectify, delete or restrict the processing of personal data specified under Sect. 5 of this Agreement. The same applies if this Agreement stipulates the rectification, deletion or restriction of the processing of data.
c. If a data subject contacts the Processor directly to have his or her personal data specified under Sect. 5 of this Agreement rectified, deleted or the processing restricted, the Processor shall forward this request to the Controller immediately upon receipt.
(3) Monitoring duties
a. The Processor shall ensure, by means of appropriate controls, that the personal data processed on behalf of the Controller are processed solely in accordance with this Agreement and/or the Principal Agreement and/or the relevant instructions.
b. The Processor shall organize its business and operations in such a way that the data processed on behalf of the Controller are secured to the extent necessary in each case and protected from unauthorized access by third parties.
c. The Processor confirms that it has appointed a Data Protection Officer in accordance with Art. 37 GDPR and, if applicable, in accordance with Sect. 38 FDPA, and that the Processor shall monitor compliance with data protection and security laws. The Processor’s Data Protection Officer currently is:
Kathrin Schürrmann, ISiCO Datenschutz GmbH, Am Hamburger Bahnhof 4, 10557 Berlin
The Processor shall notify the Controller in writing or in text form of the new person in the event of a change.
The Data Controller can contact the Data Protection Officer by email at dataprotection@coeus-solutions.de.
(4) Information duties
a. The Processor shall inform the Controller immediately if, in its opinion, an instruction issued by the Controller violates legal regulations. In such cases, the Processor shall be entitled to suspend execution of the relevant instruction until it is confirmed or changed by the Controller.
b. The Processor shall assist the Controller in complying with the obligations set out in Articles 32 to 36 GDPR considering the nature of processing and the information available to the Processor.
(5) Location of processing
a. The processing of the data shall in principle take place in the territory of the Federal Republic of Germany, in a member state of the European Union or in another contracting state of the Agreement on the European Economic Area. Any transfer to a third country may only take place if the special requirements of Art. 44 et seqq. GDPR are fulfilled.
b. Data processing on behalf of the Data Controller may only be performed at a location other than the Data Processor's business premises with the written consent of the Data Controller.
Data archiving and removal policy
(6) Deletion of personal data in connection with Recognition providing
Personal data that is mentioned in a customer Recognition is distorted by the Customer Feedback Management Team according to the WorkHub Feedback Guidelines. This data can only be made visible by the System Administrator or Leadership Team of the Customer Feedback Management Team and will be deleted by the Processor within the WorkHub systems upon completion of the commission.
Personal data that is provided by the Data Subject during the Customer Dialog process will be deleted within the WorkHub systems by the Processor upon completion of the commission.
Personal data that has been provided by the Data Subject in relation to a complaint or request for a Recognition link will be deleted within the WorkHub systems by the Processor after the case is closed by the Processor.
(7) Deletion of personal data upon completion of the commission
When the Contract comes to an end, the Processor shall hand over to the Controller all personal data, documents, data processing and use reports in the Data Processor's possession related to the commissioned data processing and shall delete its records thereof in accordance with data protection and security laws and the instructions of the Controller. This also applies to any data backups stored with the Processor. This does not apply to data that has been processed to provide a Third-Party service (e.g., Google Feed); these data will be deleted according to the rules of the Third-Party Provider when the Contract comes to an end. Also, data that, in accordance with the rules of the Contract, is in the sole ownership of the Processor will not be deleted when the Contract comes to an end, but stored in accordance with the data protection and security laws.
The deletion of the data above and the documents in accordance with data protection and security laws shall be documented and confirmed to the Controller in writing with reference to the date of the deletion.
Data storage policy
a. The processing of the data shall in principle take place in the territory of the Federal Republic of Germany, in a member state of the European Union or in another contracting state of the Agreement on the European Economic Area. Any transfer to a third country may only take place if the special requirements of Art. 44 et seqq. GDPR are fulfilled.
b. Data processing on behalf of the Data Controller may only be performed at a location other than the Data Processor's business premises with the written consent of the Data Controller. As a rule, data may not be processed in private households ("home offices") unless the Data Controller has given its express written consent. This Agreement does not apply to employees ensuring the SLA of the services and the functionalities of the Data Processor, stipulated by contract between the parties. The Data Processor shall however limit this access to the extent necessary and ensure that appropriate technical and organisational measures for this access are implemented.
App/service has sub-processors
no