learn about our legal topics


Here you will find answers to your questions about our guidelines, intellectual property, corporate governance, corporate compliance, and other topics. The protection and security of your data and other legal topics are very important to us. View legal topics below to learn more.


According to § 5 TMG

sqanit GmbH
Balanstraße 71a
81541 Munich

Represented by Business Executive
Mr. Christian Hieronimi

sqanit GmbH
Balanstraße 71a
81541 Munich
Telephone +49 (0) 89 44451155

Sales Tax Identification Number
Sales tax identification number according to §27a sales tax law:
UStID DE 297723328  

Commercial Register Entry
Register Court Munich
HRB 214318

Last update July 2021

The protection and security of your personal data are very important to us, sqanit GmbH. We take the legal requirements of data protection and data security very seriously. The following information applies to our website under ("sqanit website") and provides you with an overview of which personal data we collect via The sqanit website and for what purposes. In addition, we hereby inform you of your rights in relation to us with regard to your personal data.

In no case will your personal data be forwarded to third parties, unless otherwise specified below.



sqanit GmbH, Balanstraße 71a, 81541 Munich, Germany ("sqanit"), is responsible for processing your personal data.


"Personal data" means any informationrelating to an identified or identifiable natural person, i.e. in your case allinformation that we are able to associate with you, even if only indirectly.


We collect your data by a contact form we provide for this purpose on our sqanit platform. Other data will be automatically recorded by our IT systems when you visit The sqanit website. Further details you may find below.


4.1  Log files (internet protocols)

When you visit our sqanit website, our IT systems automatically collect and store so-called log file information that your internet browser transmits to us. This includes:

  • Internet browser type/version
  • operating system used
  • host name of the accessing computer (your IP address)
  • date and time of the request to our server
  • requested website.
This information is partly required fortechnical reasons in order to show you our website and to ensure its stability.
IP addresses are stored in our log files inorder to enable us to pursue our rights in the event of an attack on our IT systems and restore the security of the IT systems (our legitimate interest; legal basis is Art. 6(1)(f) of the General Data Protection Regulation, "GDPR").

We are not able to assign the data to any person except for the IP address. The IP address is only assigned in the case of an attack. Beyond that we do not merge the data with other data sources. The IP addresses are deleted within 14 days.

4.2 Contact form on The sqanit website

If you use the contact form on the Repair Code website, we collect the following information from you (legal basis is Art.6(1)(f) GDPR):
  • First Name
  • Last Name
  • Email Address
  • Additional data, if voluntarily provided by you

If you click on “SUBMIT” on the contact form on The sqanit website, you will be provided with an email address ( / for contacting us. Ifyou send us an email, the personal data transmitted with the email will be collected. If your email contact is aimed at concluding a contract (e.g. abinding offer), an additional legal basis for the processing is Art. 6(1)(b)GDPR. In case we are contacted by you, this also constitutes our necessary legitimate interest in processing the data.

The data will only be used for processing your contact request. Your personal data will be deleted as soon as they are no longer required for this purpose. This is the case when the respective request from you has been completely dealt with, unless (i) you agree that your data may be retained beyond this term (legal basis is Art. 6(1)(a) GDPR, (ii) we are obliged to retain your data due to statutory retention obligations, or (iii) weare entitled to retain your data for another reason.

4.3 Use of Matomo

On our sqanit website, we may use cookies of the provider Matomo, however, only the data described below and therefore no personal data is processed. Cookies are small text files that are stored onyour computer and saved by your internet browser. When you access the same website again, your browser transmits to our server the text contained in the previously stored cookie. Cookies do not cause any damage to your computer and do not contain any viruses.

We collect the following data via the Matomocookies:
  • Internet browser type/version/screen resolution
  • operating system used
  • referrer URL (the website you visited previously)
  • host name of the accessing computer, but this is only your abbreviated IP address
  • date and time of the request to our server
  • requested website

We use Matomo in order to collect statistical data about the general usage behaviour of our website visitors. Through analysing this data, we gain a better understanding of their needs, so that we can further develop The sqanit website in a more targeted manner and are ableto improve the overall user experience.

Cookies are stored for 14 days.

Of course, you may deactivate the setting of cookies at any time. If we use cookies of the provider Matomo on the website, you can deactivate the setting of these cookies via the settings in the cookie banner. Of course, we also respect general "Do Not Track" settings.  


We may also disclose or forward your personal data to IT service providers. We carefully select the IT service providers, and they work for usas data processors.
In order to comply with our statutory obligations regarding accounting and drawing up annual financial reportings, we use third parties who are legally obliged to maintain secrecy (tax consultants,auditors, and attorneys), because we can not provide these services ourselves(legitimate interest). In the context of their work, they may receive your personal data as required in accordance with Clause 4 or gain access to this personal data (legal basis is Art. 6(1)(f)GDPR).

The transmission of your personal data to recipients in countries outside the European Union is not intended.


We use appropriate technical and organizational security measures in order to protect your data against accidental or intentional manipulations, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in accordance with technological developments.

We use SSL or TLS encryption for our contact form. You can recognize an encrypted connection in that the address line of the browser changes from "http://" to "https://", and the lock symbol will appear in your browser line. If SSL or TLS encryption is enabled, the data you send to us (e.g. in the context of orders or requests) cannot be read by third parties.


The contact data of our data protection officer is:, sqanit GmbH, Balanstraße 71a, 81541 Munich, Germany.


You have the following rights regarding your personal data (Art. 15 et seqq. GDPR):
  • Right of access
  • Right to rectification or erasure, as well as to restriction ofprocessing ("blocking")
  • Right to data portability

You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.

Right to object to furtherprocessing:

If we process personal data of you on the basis of Art. 6(1)(f) GDPR (i.e. if we process such data to exercise our legitimate interests), you have the right to object to this processing at any time for reasons arising from your particular situation. We will then no longer process your personal data, unless we can demonstrate compelling protectable reasons for the processing that outweigh your interests, rights, and freedoms, or if the processing serves to assert, exercise, or defend our legal claims.

You can download and save the above Privacy Notice here ( Download ).

Last updated: April 2020

Data Processing Agreement


the Provider
- hereinafter “Controller“-


sqanit GmbH, Balanstraße 71a, 81541 Munich, Germany

- hereinafter "Processor" -
- hereinafter Controller and Processor collectively also “Parties” -.



This agreementcontains a written order of the Controller to the Processor within the meaning of Article 28 of the Regulation (EU) 2016/679, the European General Data Protection Regulation (GDPR).

As far asthe Federal Data Protection Act (BDSG) is mentioned here, these mentions refer exclusively to the BDSG which will be valid from 25 May 2018.


"Personal Data" means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

"Processing"/"processing" means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such ascollection, recording, organisation,structuring, storage, adaptation or alteration, retrieval,consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.

3. Subject and term of the Agreement

The subject, type and purpose of processing of Personal Data by the Processor onbehalf of the Controller are laid down in the agreement between the Controller and the Processor according to the Processor's Terms of Use (hereinafter "ToU Agreement").

The following types of Personal Data are subject to this agreement:
  • Contact details such as names, e-mail-addresses, mail addresses, phone numbers, login data, profession, job title.
  • Location data and technical data for devices that can be assigned to a natural person.
  • Inquiries and data relating to the processing of orders in connection with devices, inparticular communication data. Also information on malfunctions and their rectification, repairs and spare parts requirements, which may also include photos and videos and other files.
The processing concerns the following categories of data subjects:
  • Employees of the Controller
  • Contractual partners of the Controller, in particular users.
This contract does not apply to activities where the Processor independently processesthe Provider's personal data. This applies to the processing of contact data ofthe Controller's contact persons who are responsible for the implementation of the contract in accordance with the ToU Agreement. The Controller is responsible for the processing within the meaning of Article 4 (7) GDPR. The assessment of whether the processing of Personal Data according to the ToU Agreement and this agreement is in compliance with the GDPR and, as the casemay be, other applicable data protection laws, is at the Controller’s sole discretion. The Controller shall inform the Processor without delay if the Controller identifies mistakes or irregularities in the processing.

The term of this agreement shall be equivalent to the term of the ToU Agreement.

4. GENERAL Duties of the Processor

The Processor shall process the Personal Data of the Controller exclusively according to the ToU Agreement and in compliance with any further documented instructions issued by the Controller according to this agreement, unless the Processor is obliged to a processing pursuant to the laws of the European Union or the Federal Republic of Germany. The Processor shall inform the Controller of such legal requirements prior to such processing, unless the law prohibits such information on important grounds of public interest.

The Processor confirms that it has appointed a data protection officer pursuant to Section 37 of the GDPR. The Processor shall provide the Controller with the contact information upon request.

The Controller is responsible for the fulfilment of the Controller’s obligation to respond to requests for exercising the data subject’s rights laid down in Articles 12 to 23 GDPR. The Processor shall inform the Controller without delay if data subjects assert such rights against the Processor. Furthermore, the Processor shall, taking into account the nature of the processing, assist the Controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller’s aforementioned obligation.

In case of a Personal Data breach – including a breach of this agreement or any additional instructions of the Controller according to this agreement – the Processor shall inform the Controller without delay. The Processor is aware that pursuant to Articles 33 and 34 of the GDPR there may be notification and information obligations in case of a Personal Data breach. The Processor shall assist the Controller in fulfilling these obligations.

If the Controller is obliged pursuant to Article 35 of the GDPR to perform a data protection impact assessment, the Processor shall assist the Controller in this assessment, dependent upon the type of processing and the information provided, as well as in consultation with the supervisory authority pursuant to Article 36 of the GDPR.


The Processor shall process the Controller's Personal Data only on documented instructions.  Such instructions shall be issued in text form. Oral instructions are permissible in urgent situations as an exception, yet shall be confirmed by the Controller in text form without delay.  If such instructions require performance of the Processor that is not included in the ToU Agreement, the Controller shall pay to the Processor a remuneration to be determined by the Processor according to Paragraph 316 German Civil Code (Bürgerliches Gesetzbuch).

The Processor shall inform the Controller without delay if it perceives that an instruction constitutes a breach of applicable data protection laws or this agreement. The Processor is permitted to suspend execution of the respective instruction until it has been confirmed or modified by the Controller.


The Processor shall take all measures required pursuant to Article 32 of the GDPR.


The Controller reserves the right to monitor compliance with the statutory provisions on data protection, compliance with the contractual agreements made between the parties and compliance with any additional instructions given by the Controller through the processor. The Processor makes available to the Controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 GDPR and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller. Implementation of technical and organisational measures may be verified with approved codes of conduct pursuant to Article 40 GDPR or a certificate granted according to an approved certification procedure pursuant to Article 42 GDPR.


If the processing of the Controller's personal data shall involve other processors (hereinafter referred to as "subcontractors"), the following provisions shall apply:
  • Involving subcontractors is generally permitted. The Processor shall inform the Controller in advance of each subcontractor he intends to involve, giving the Controller the opportunity to object. When the contract is concluded, the Processor shall use the following subcontractors: the Processor shall use the following subcontractors:

    Hetzner Online GmbH
    Managing Directors:
    Martin Hetzner, Stephan Konvickova, Günther Müller
    Street / P.O. Box:
    Industriestr. 25
    Postcode Location:
    91710 Gunzenhausen, Germany

    Hetzner Online is the datacenter and infrastructure provider of sqanit’s private cloud system, which provides all the related services. A data processing agreement exists.
  • The Processor shall define the contractual arrangements with the subcontractor(s) in such a way that they comply with the data protection provisions applying between the Controller and the Processor.
  • In case of subcontracting, the Controller shall be granted control and inspection rights in relation to the subcontractor pursuant to this contract. This includes the right of the Controller to obtain information from the subcontractor on written request about the essential content of the contract and the implementation of the data protection-related obligations in the subcontracting relationship, if necessary by inspecting the relevant contract documents.
  • For clarification, the parties state that Article 32 (4) GDPR also applies to subcontractors.
  • Subcontracting relationships within the meaning of this provision shall not be understood to include services the Processor obtains from third parties as ancillary service to assist in fulfilling the order. These include, for example, telecommunication services and services of cleaning staff. However, in order to ensure the Controller's personal data privacy and security, the Processor is obliged to enter into appropriate contractual arrangements for the safeguarding of personal data in accordance with the law. This also applies to ancillary services.


After completion of the contractually agreed services or at an earlier point in time at the request of the Controller – at the latest at the termination of the ToU Agreement – the Processor shall delete the Controller’s Personal Data, unless the laws of the European Union or the Federal Republic of Germany requires or permits further storage of the Personal Data.


The Processor warrants and guarantees that the individuals it employs for the processing of the Personal Data, including of any Subcontractors, have committed themselves to confidentiality or are subject to an adequate statutory professional obligation to confidentiality.


The remuneration of the Processor is specified in the ToU Agreement.

The Processor shall be liable to the Controller pursuant to the provisions in Clause 10 of the ToU Agreement.

Image and icon Attributions


Interested in learning more?

Contact us with your enquiries or request a demo.

Refrech Captcha