Order data processing

This regulation of the rdts ® AG (hereinafter referred to as „rdts“) is protected by copyright. (As of 1 May 2015)

Rules for the collection, processing and use of personal data in the order according to § 11 Bundesdatenschutzgesetz (order data processing)

§ 1 regulatory object

As part of the provision of data, it is necessary for the rdts to deal with personal data for which the customer functions as the responsible authority within the meaning of the data protection regulations (hereinafter referred to as „customer data“). This agreement specifies the data protection rights and obligations of the parties in connection with the handling of the rdts with „client data“ for the implementation of the „contract“.

§ 2 Type, scope, purpose and duration of the order data processing

1) rdts collects, processes and uses the „client data“ in order and on the instructions of the client i.S.v. § 11 BDSG (order data processing). The client remains responsible for the data protection law.
2) The collection, processing and use of the „client data“ within the scope of the order data processing is carried out according to the order of the dataroomX data space.
3) The rdts may process and use the „client data“ within the framework of the data protection law for its own purposes on its own responsibility. The rdts may also anonymize the „client data“ and process it in an anonymous form for its own purposes.
4) The collection, processing and use of „client data“ shall be in the territory of the Federal Republic of Germany.
5) The duration and termination of this Agreement shall be governed by the terms and conditions of the term and termination of the „Agreement“. A termination of the „contract“ automatically also terminates this contract. An isolated termination of this contract is excluded.

§ 3 Powers of the Client

1) The rdts uses the „client data“ exclusively in accordance with the instructions of the client. Any specifications that deviate from the terms of this contract or impose additional requirements require the prior approval of the rdts and shall be effected by the additional costs of the rdts as a result of the order.
2) If the rdts considers that a permissible individual statement violates applicable data protection law, it shall inform the client as promptly as possible. In addition, the rdts is entitled to suspend the execution of the instruction until the customer has confirmed the instructions.

§ 4 Obligations of the Customer

1) The client is responsible for the legality of the collection, processing and use of the „client data“ as well as for the rights of the affected parties. Should third parties assert claims against the rdts on the basis of the collection, processing or use of „client data“, the client is entitled to the rdts
From all such claims at first request.
2) The client is the owner of the „client data“ and the owner of all rights which concern the „client data“.
3) It is the responsibility of the client to make the „customer data“ available to the customer in due time, and is responsible for the quality of the „customer data“. The customer shall inform the rdts immediately and in full if, during the examination of the order results, he detects the rdts errors or irregularities regarding data protection regulations or his directives.

§ 5 Obligations of the rdts

1) The rdts shall ensure, on a regular basis, that the processing and use of the data within the scope of the service within its area of ​​responsibility, including the subcontractor, shall be carried out in accordance with the provisions of this contract.
2) The rdts may not make copies or duplicates of the „customer data“ without the prior consent of the customer within the scope of the order data processing. This does not include copies, to the extent necessary to ensure proper data processing and the proper performance of the services (including data backup), as well as copies required to meet regulatory requirements.
3) The rdts assists the customer in the case of checks by the supervisory authority within the scope of the reasonable and necessary, as far as these controls concern the data processing by the rdts.
4) On request, the rdts shall provide the client with an overview of the information referred to in § 4e sentence 1 BDSG as well as the persons entitled to access (§ 4g para. 2 sentence 1 BDSG)
5) In accordance with § 5 BDSG, rdts has to obligate the persons employed in the processing of „client data“ in writing to the data secrecy.
6) The rdts is obliged to appoint a competent and reliable company data protection officer pursuant to § 4f BDSG, provided that and as long as the statutory requirements for a purchase order are fulfilled.

Section 6 Crds of the rdts to be reported

1) The rdts informs the customer in a timely manner if he or she is aware that he or an employee has infringed data protection regulations or contravenes the terms of this contract, if there is a risk that „customer data „Unlawfully transmitted or otherwise illegally notified to third parties.
2) Insofar as the customer makes legal information duties due to an incident according to § 7 (1) due to an illegitimate knowledge of „client data“ (in particular pursuant to § 42a BDSG), rdts has the customer within the scope of fulfilling the information requirements Reasonable and necessary, to reimburse the costs, costs and expenses incurred as a result of this.

§ 7 Returning and deleting data and data carriers

1) The rdts has to delete all „client data“ after completion of the contractually agreed service (in particular with termination or other termination of the „contract“) and data carriers received by the client, which still contain „client data“ at that time The customer.
2) On a deletion or destruction of „client data“, the rdts shall draw up a protocol, which shall be submitted to the client upon request.
3) Documentations which serve the purpose of proving the orderly and proper data processing or statutory retention periods shall be kept by the rdts beyond the contractual deadline according to the respective retention periods.

Section 8 Relation to other agreements

Unless special conditions are contained in these conditions, the provisions for order data processing apply. In case of inconsistencies arising from other agreements, the regulations from this order data processing are carried out.