(1) Type of data: personal data within the meaning of 3 BDSG (including name, address, date of birth, address).

Transcription

1 Agreement on contract data processing within the meaning of 11 para 2 of Bundesdatenschutzgesetz (BDSG) [German Federal Data Protection Act] Preamble This agreement sets out the obligations of the Contracting Parties regarding data protection arising from the supplier & service relationship. Under this contractual relationship, The Team Enablers GmbH (hereinafter TTE ) is deemed to be a contractor within the data protection context of order data processing according to 11 BDSG; Please enter your company name here: (hereinafter referred to as Customer) is the client within the data protection context of order data processing according to 11 BDSG. This agreement applies to all activities relating to the contract and involving employees of TTE or TTE representatives who deal with Customer personal data. 1 Object, duration and specifications of order data processing This agreement covers the subject and duration of the contract as well as scope and type of data collection, processing or use. In particular, the following data form part of the data processing: (1) Type of data: personal data within the meaning of 3 BDSG (including name, address, date of birth, address). (2) Purpose of data collection, processing or use: TTE operates the online software application Surwayne which is designed to facilitate anonymous in-house surveys and suggest methods of improving the evaluated projects and general team work. With Surwayne TTE enables businesses (hereinafter referred to as costumers) to analyse and evaluate the improvement methods taken and their immediate effects e.g. on team spirit and efficiency, in order to optimise projects and team work individually and effectively. To use Surwayne TTE s costumers transfer personal data (e.g. the respective ad-dresses used for the surveys) to TTE. TTE processes its costumer s personal data to a data processing centre. The data processing centre processes and stores TTE s costumer s data on behalf of TTE. (3) Group of persons affected: Customer s employees, freelancers or others involved in the survey process whose data is shared with TTE for the purpose of operating the Surwayne service. The term of this agreement depends on the term of validity of the supplier & service relationship, unless the provisions of this document give rise to obligations beyond this term. 2 Scope and responsibility (1)TTE processes personal data and special personal data on behalf of Customer. This includes activities that are specified in the contract and in the service description. In

2 connection with this agreement, Customer is solely responsible for the legality of the data transfer to TTE, as well as for the legality of the processing of data and for the observance of the legal regulations of data protection laws ( responsible authority within the sense of 3 para 7 BDSG). 3 Obligations of TTE (1) TTE must collect, process or use data from those persons affected only in the context of the contract and in accordance with Customer instructions. (2) Within their area of responsibility, TTE will organise internal structures so that they meet the special requirements of data protection. They will implement technical and organizational measures for the adequate protection of Customer data that satisfy the requirements of the Federal Data Protection Act (appendix to 9 BDSG). These measures are as follows: a) Access control b) Admission control c) Controlled accessibility d) Transfer control e) Input control f) Order control g) Availability control h) Separation control TTE s right to make changes to the security measures taken remains reserved, it must however be ensured that the contractually agreed-upon level of protection does not fall short. (3) Upon request, TTE shall supply Customer with an overview in accordance with 4 para 2 p.1 BDSG, of the necessary information available, insofar as they cannot retrieve it themselves. (4) TTE ensures employees involved in the processing of Customer data and other people acting on behalf of TTE, are forbidden to collect the data, process or use it unless they have the necessary authorization (data privacy according to 5 BDSG). Data secrecy remains even after the termination of the contract. (5) TTE will immediately inform Customer of serious infringements by TTE or the persons employed by him within the framework of the agreement of provisions concerning the protection of Customer personal data or the stipulations set out in the contract. They must take all necessary steps to secure the data and reduce the potential for adverse consequences of those affected and discuss this immediately with Customer. TTE supports Customer in the fulfilment of the information obligations according to 42a of the BDSG. (6) TTE names Customer as the point of contact for data protection questions within the framework of the contract.

3 (7) TTE guarantees that he complies with his duties under 4f 4 g BDSG comply ( 11 para 2, no. 5 in connection with 11 para 4 BDSG), such as, for example, a duty to appoint a data protection officer as far as is prescribed by law. (8) TTE does not use the provided data for any purposes other than the performance of the contract. (9) TTE corrects, deletes, or stops the contractual data when Customer requests it. TTE undertakes the privacy-compliant destruction of disks and other materials on the basis of an individual order from Customer, unless already agreed in the contract. In particular cases to be determined by Customer, a retention or transfer can take place. (10) Data, data carriers, and all other materials are to be either returned to Customer or deleted once the order has been completed. Additional costs arising from different specifications for the return or deletion of the data are borne by the client. 4 Customer s obligations (1) Customer has to inform TTE immediately and completely when the order results in errors or irregularities concerning data protection provisions. (2) The obligation to keep the public procedure directory (Jedermannverzeichnis) in accordance with 4g para 2S 2 BDSG lies with Customer. 5 Requests of affected parties (1) If, on the basis of data protection laws, Customer is obliged towards an individual to provide information on the collection, processing or use of data relating to this person, TTE will help Customer to provide this information. This assumes that Customer has requested this from TTE in writing or in text form, and that Customer refunds the costs incurred by TTE in support of this request. TTE will not answer any requests for information and will refer those affected to Customer. (2) Should an affected party with demands for rectification, deletion or stoppage contact TTE, TTE will refer those parties in question to Customer. 6 Supervisory duties (1) Prior to commencing data processing and subsequently on a regular basis, Customer will satisfy itself of the technical and organisational measures of TTE and will document the results. For this purpose they may obtain, for example, information from TTE, and if necessary, demand an existing opinion of an expert or after timely consultation may personally inspect or request a qualified third party to inspect, during normal business hours, without disturbance of the business operation, insofar as they are not in a competitive relationship with TTEs.

4 (2) Upon written request, TTE commits himself to provide to Customer within a reasonable time, all information and evidence that is required to carry out an inspection. 7 Subcontracting (1) TTE is permitted to use subcontractors within the framework of activities agreed within the contract (e.g. data processing centres). (2) TTE will make arrangements with such third parties to the extent necessary to provide adequate data protection. 8 Information obligations, written form clause, choice of the applicable law (1) Should the data from Customer be jeopardised when it is with TTE as a result of seizure of goods or confiscation of property, or through insolvency or conciliation procedures, or as a result of other events or measures taken by third parties, TTE has to immediately inform Customer. TTE will inform all relevant responsible people immediately so that the sovereignty and ownership of the data lies exclusively with Customer as the responsible authority within the meaning of the Federal Data Protection Act. (2) Changes and additions to this supporting document and all its components - including any assertions of TTE - shall require a written agreement and the explicit mention that it pertains to a modification or addition to these terms and conditions. This also applies to the waiver of this formal requirement. (3) In case of objections the regulations of this document take priority over those of the contract. Should individual parts of this supporting document be invalid, this will not impact upon the effectiveness of the document overall. (4) German law shall apply. Place, date Customer name (person s name signing) / signature Date (Processor)

5 Attachment on technical and organisational measures pursuant to section 9 BDSG 1. Physical Access Control (Zutrittskontrolle) Measures to prevent unauthorized persons from gaining access to data processing systems with which personal data are processed: All TTE (and/or subcontractor) sites at which an information system that uses or houses personal data is located have reasonable security systems. TTE reasonably restricts access to such personal data appropriately. Physical access control has been implemented for all Processor data centres. Unauthorized access to the data centres is prohibited through 24x7 monitoring and access limitation. Surveillance camera on data centres entry door is installed and security monitoring by building management is implemented. Offices and work areas where personal information is processed are secured through clear desk and clear screen requirements, office lock-up procedures and the use of secure cabinets and containers. Delivery and loading areas are controlled and isolated from information processing facilities to avoid unauthorized access. Secured areas are protected with appropriate entry controls to ensure that only authorized personnel are allowed access. The measures to protect such secure areas shall include pass and badge controls, visitor sign-in and employee requirements to challenge any unbadged or unknown persons. Technical controls are implemented to ensure the physical security of information systems components against security threats. Network and server equipment including LAN servers, bridges, and routers are physically secured from unauthorized access by placing them in locked rooms or closets. Security policies are in place to direct overall security approach for securing systems and data. 2. Volume Control (Zugangskontrolle) Measures to prevent storage media from being read, copied, modified or removed without authorization: Equipment, information or software is not removed from the TTE s (and/or subcontractor s) premises without approval and/or logging. When media are to be disposed of or reused, procedures have been implemented to prevent any subsequent retrieval of the information stored on them.

6 When media are to leave the premises at which the files are located as a result of maintenance operations, procedures have been implemented to prevent undue retrieval of the information stored on them. Processing performed in accordance with standard procedures and Instructions. Encryption methods are employed to protect the confidentiality of information when being transmitted. Access is restricted to information by defining procedures for handling, labeling, copying, distributing, storing, transporting, disposing and printing information in hard copy form. Storage devices containing information are physically destroyed or securely overwritten rather than using a standard delete function prior to disposal or re-use. The TTE (and/or subcontractor) has designated and secured areas for storage of collected media. 3. Storage Control (Zugriffskontrolle) Measures to prevent unauthorized input into the memory and the unauthorized examination, modification or erasure of stored personal data: Security policies are in place to direct overall security approach for securing systems and data. Only authorized staff can grant, modify or revoke access to an information system that uses or houses personal data. User administration procedures define user roles and their privileges, how access is granted, changed and terminated; address appropriate segregation of duties; and define the logging/monitoring requirements and mechanisms. All employees of the TTE (and/or subcontractor) are assigned unique User-IDs. Access rights are implemented adhering to the least privilege approach. Users are assigned the most restrictive set of privileges necessary to perform their respective job functions. There is a formal user registration process for granting and prohibiting access to information resources. Systems enforce configurations to promote sound passwords and minimize the potential for unauthorized usage of accounts. TTE (and/or subcontractor) employees are positively identified and follow a strict login process before they can gain access to information resources. System access is removed when an employee leaves the TTE (and/or subcontractor). Logging mechanisms are implemented to ensure the individual and timing of access to data can be subsequently checked. Separate and distinct production and test environments are maintained by the TTE (and/or subcontractor).

7 Data collections and handling are performed in accordance with standard procedures and Instructions. Encryption methods are employed to protect the confidentiality of information when being transmitted. Access is restricted to information by defining procedures for handling, labeling, copying, distributing, storing, transporting, disposing and printing information in hard copy form. 4. User Control (Weitergabekontrolle) Measures to prevent data processing systems from being used by unauthorized persons with the aid of data transmission facilities: Only authorized staff can grant, modify or revoke access to an information system that uses or houses personal data. User administration procedures define user roles and their privileges how access is granted, changed and terminated; address appropriate segregation of duties; and define the logging/monitoring requirements and mechanisms. All employees of the TTE (and/or subcontractor) are assigned unique User-IDs. Access rights are implemented adhering to the least privilege approach. Users are assigned the most restrictive set of privileges necessary to perform their respective job functions. There is a formal user registration process for granting and prohibiting access to information resources. Systems enforce configurations to promote sound passwords and minimize the potential for unauthorized usage of accounts. TTE (and/or subcontractor) employees are positively identified and follow a strict login process before they can gain access to information resources. System access is removed when an employee leaves the TTE (and/or subcontractor). Secure data transmission methods are established. Logging mechanisms are implemented to ensure the individual and timing of access to data can be subsequently checked. The TTE (and/or subcontractor) has established data backups schedules and utilizes automated backup systems for data management. Data backups are securely stored. 5. Logical Access Control (Zugriffskontrolle) Measures to ensure that persons entitled to use a data processing system have access only to the data to which they have a right of access: TTE (and/or subcontractor) has implemented security policies and procedures to classify information assets, clarify security responsibilities and promote awareness for employees. All personal data security incidents are managed in accordance with appropriate incident response procedures.

8 Access rights are implemented adhering to the least privilege approach. Users are assigned the most restrictive set of privileges necessary to perform their respective job functions. A password management system has been implemented for validating user authority to access information resources. Systems enforce configurations to promote sound passwords and minimize the potential for unauthorized usage of accounts. All employees of the TTE (and/or subcontractor) are assigned unique User-IDs. Remote access to systems and data requires dual levels of authentication. Periodic reviews are conducted of user accounts to ensure the appropriate minimum privileges are granted and accounts of unauthorized users have been removed. 6. Communication Control (Weitergabekontrolle) Measures to ensure that it is possible to check and establish to which bodies personal data can be communicated by means of data transmission facilities: Authorized routes between users and services are channeled and restricted. An intrusion detection system is in place to monitor and log security events. Remote access to systems and data requires dual levels of authentication. Logging mechanisms are implemented to ensure the individual and timing of access to data can be subsequently checked. Secure data transmission methods are established. Encryption methods are employed to protect the confidentiality of information when being transmitted. Equipment, information or software is not removed from the TTE (and/or subcontractor) 's premises without approval and/or logging. 7. Input Control (Eingabekontrolle) Measures to ensure that it is possible to check and establish which personal data have been input into data processing systems by whom and at what time: Logging mechanisms are implemented to ensure the individual and timing of access to data can be subsequently checked. Audit logs are secured from modification and independently reviewed. Authorized routes between users and services are channeled and restricted. Equipment, information or software is not removed from the TTE (and/or subcontractor) 's premises without approval and/or logging.

9 When media are to be disposed of or reused, procedures have been implemented to prevent any subsequent retrieval of the information stored on them. When media are to leave the premises at which the files are located as a result of maintenance operations, procedures have been implemented to prevent undue retrieval of the information stored on them. The TTE (and/or subcontractor) has implemented internal procedures to support that processing is performed in accordance with Instructions. 8. Job Control (Auftragskontrolle) Measures to ensure that, in the case of commissioned processing of personal data, the data are processed strictly in accordance with the Instructions: Personal data is used for internal purposes and only as necessary for the provisions of the services detailed in the Agreement (including amendments, if any) and this annex pursuant to section 11 German Federal Data Protection Act dated April TTE (and/or subcontractor) acts in compliance with the terms regarding processing as set forth in the Agreement and this annex. The TTE (and/or subcontractor) has implemented internal procedures to support that processing is performed in accordance with Instructions. 9. Transport Control (Weitergabekontrolle) Measures to prevent data from being read, copied, modified or erased without authorization during the transmission of personal data or the transport of storage media: Data collections and handling are performed in accordance with standard procedures and Instructions. Encryption methods are employed to protect the confidentiality of information when being transmitted. Access is restricted to information by defining procedures for handling, labeling, copying, distributing, storing, transporting, disposing and printing information in hard copy form. Hard copy media is distributed in a controlled fashion. Storage devices containing information are physically destroyed or securely overwritten rather than using a standard delete function prior to disposal or re-use. Equipment, information or software is not removed from the TTE s (and/or subcontractor s) premises without approval and/or logging. When media are to leave the premises at which the files are located as a result of maintenance operations, procedures have been implemented to prevent undue retrieval of the information stored on them. The TTE (and/or subcontractor) has implemented anti-virus and anti-malware protections to support security and availability of systems. 10. Separation Control (Trennungskontrolle)

10 Measures which ensure that Personal Data collected for different purposes can be processed separately: Access rights are implemented adhering to the least privilege approach. To protect information, large networks are segregated into separate logical domains. All matters are logically segregated at the application layer utilizing separated containers with controls including access and authorization controls. All data is stored in separate logical database containers with access controls. All files are stored in separate logical access structures with access controls. 11. Organizational Control (Organisationskontrolle) Measures to arrange the internal organization of authorities or enterprises in such a way that it meets the specific requirements of data protection: The TTE (and/or subcontractor) has designated a Privacy Officer and has established a privacy policy. The TTE (and/or subcontractor) has appropriate disaster recovery and business resumption plans. TTE (and/or subcontractor) reviews both business continuity plan and risk assessment regularly. Business continuity plans are being tested and updated regularly to ensure that they are up to date and effective. Monitoring systems are used to manage system capacity and usage. The TTE (and/or subcontractor) has established data backups schedules and utilizes automated backup systems for data management. Data backups are securely stored. The TTE s (and/or subcontractor s) data center facilities maintain redundant power and network systems as well as sound environmental controls to ensure continuity of system availability. The TTE (and/or subcontractor) has implemented anti-virus and anti-malware protections to support security and availability of systems. The TTE (and/or subcontractor) has implemented internal procedures to support that processing is performed in accordance with Instructions. A password management system has been implemented for validating user authority to access information resources. Systems enforce configurations to promote sound passwords and minimize the potential for unauthorized usage of accounts. Periodic reviews are conducted of user accounts to ensure the appropriate minimum privileges are granted and accounts of unauthorized users have been removed. The TTE (and/or subcontractor) has designated and assigned responsibility for management of compliance and supporting functions.

11 The TTE (and/or subcontractor) considers segregation of duties in designing organizational structures and assigning functional responsibilities. The TTE (and/or subcontractor) has established software development and change management policies. The TTE (and/or subcontractor) has centralized management of purchasing for hardware and software.