Legal

“Personal data” means any informationrelating to an identified or identifiable natural person, i.e. in your case allinformation that we are able to associate with you, even if only indirectly.

We collect your data by a contact form we provide for this purpose on our sqanit platform. Other data will be automatically recorded by our IT systems when you visit The sqanit website. Further details you may find below.

• Internet browser type/version
• operating system used
• host name of the accessing computer (your IP address)
• date and time of the request to our server
• requested website.

• First Name
• Last Name
• Email Address
• Additional data, if voluntarily provided by you

• Internet browser type/version/screen resolution
• operating system used
• referrer URL (the website you visited previously)
• host name of the accessing computer, but this is only your abbreviated IP address
• date and time of the request to our server
• requested website

5.1
We may also disclose or forward your personal data to IT service providers. We carefully select the IT service providers, and they work for usas data processors.
In order to comply with our statutory obligations regarding accounting and drawing up annual financial reportings, we use third parties who are legally obliged to maintain secrecy (tax consultants,auditors, and attorneys), because we can not provide these services ourselves(legitimate interest). In the context of their work, they may receive your personal data as required in accordance with Clause 4 or gain access to this personal data (legal basis is Art. 6(1)(f)GDPR).

5.2
The transmission of your personal data to recipients in countries outside the European Union is not intended.

We use appropriate technical and organizational security measures in order to protect your data against accidental or intentional manipulations, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in accordance with technological developments.

We use SSL or TLS encryption for our contact form. You can recognize an encrypted connection in that the address line of the browser changes from “http://” to “https://”, and the lock symbol will appear in your browser line. If SSL or TLS encryption is enabled, the data you send to us (e.g. in the context of orders or requests) cannot be read by third parties.

The contact data of our data protection officer is: datenschutz@sqanit.com, sqanit GmbH, Balanstraße 71a, 81541 Munich, Germany.

• Right of access
• Right to rectification or erasure, as well as to restriction ofprocessing (“blocking”)
• Right to data portability

Right to object to furtherprocessing:

If we process personal data of you on the basis of Art. 6(1)(f) GDPR (i.e. if we process such data to exercise our legitimate interests), you have the right to object to this processing at any time for reasons arising from your particular situation. We will then no longer process your personal data, unless we can demonstrate compelling protectable reasons for the processing that outweigh your interests, rights, and freedoms, or if the processing serves to assert, exercise, or defend our legal claims.

1.1
This agreementcontains a written order of the Controller to the Processor within the meaning of Article 28 of the Regulation (EU) 2016/679, the European General Data Protection Regulation (GDPR).

1.2
As far asthe Federal Data Protection Act (BDSG) is mentioned here, these mentions refer exclusively to the BDSG which will be valid from 25 May 2018.

2.1
“Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2.2
“Processing”/”processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such ascollection, recording, organisation,structuring, storage, adaptation or alteration, retrieval,consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.

• Contact details such as names, e-mail-addresses, mail addresses, phone numbers, login data, profession, job title.
• Location data and technical data for devices that can be assigned to a natural person.
• Inquiries and data relating to the processing of orders in connection with devices, inparticular communication data. Also information on malfunctions and their rectification, repairs and spare parts requirements, which may also include photos and videos and other files.

• Employees of the Controller
• Contractual partners of the Controller, in particular users.

5.1
The Processor shall process the Controller’s Personal Data only on documented instructions.  Such instructions shall be issued in text form. Oral instructions are permissible in urgent situations as an exception, yet shall be confirmed by the Controller in text form without delay.  If such instructions require performance of the Processor that is not included in the ToU Agreement, the Controller shall pay to the Processor a remuneration to be determined by the Processor according to Paragraph 316 German Civil Code (Bürgerliches Gesetzbuch).
‍
5.2
The Processor shall inform the Controller without delay if it perceives that an instruction constitutes a breach of applicable data protection laws or this agreement. The Processor is permitted to suspend execution of the respective instruction until it has been confirmed or modified by the Controller.

The Processor shall take all measures required pursuant to Article 32 of the GDPR.

The Controller reserves the right to monitor compliance with the statutory provisions on data protection, compliance with the contractual agreements made between the parties and compliance with any additional instructions given by the Controller through the processor. The Processor makes available to the Controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 GDPR and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller. Implementation of technical and organisational measures may be verified with approved codes of conduct pursuant to Article 40 GDPR or a certificate granted according to an approved certification procedure pursuant to Article 42 GDPR.

After completion of the contractually agreed services or at an earlier point in time at the request of the Controller – at the latest at the termination of the ToU Agreement – the Processor shall delete the Controller’s Personal Data, unless the laws of the European Union or the Federal Republic of Germany requires or permits further storage of the Personal Data.

The Processor warrants and guarantees that the individuals it employs for the processing of the Personal Data, including of any Subcontractors, have committed themselves to confidentiality or are subject to an adequate statutory professional obligation to confidentiality.

11.1
The remuneration of the Processor is specified in the ToU Agreement.
‍
11.2
The Processor shall be liable to the Controller pursuant to the provisions in Clause 10 of the ToU Agreement.