Agreement on order processing pursuant to Art. 28 DSGVO.
Among other things, PlanRadar processes personal data (such as name, e-mail address, etc.) that are collected from the client, processed on PlanRadar systems and stored for the purpose and duration required. In particular, the following activities are included:
2. Data types
The following types of data are regularly the subject of processing:
PlanRadar processes the data of the client and its users for the stated purposes and the client expressly agrees to this processing. The client may revoke his consent at any time.
Personal data: When registering, PlanRadar saves the e-mail address and personal password for log-in to the secure area of PlanRadar. PlanRadar also uses users’ e-mail address to provide users with system notifications when using the services (such as notification of new defects in a project) and information about PlanRadar’s system and products. PlanRadar also stores name, first name, telephone number, billing address (street, house number, zip code, city, e-mail address), UID number and company name of the client for the provision of services and their billing based on the terms and conditions.
Files: In the context of the use of the services of PlanRadar, the client can save plans, photos, pictures, texts, audio information, etc. on a specific project on the web servers of PlanRadar. The stored files are made accessible to every user whom the customer has activated for this project. The client may at any time delete the files and data stored by him.
Login data: If the user logs in to PlanRadar with his e-mail address and personal password, PlanRadar stores the login time and date. PlanRadar uses this data to detect and correct errors, improve the service, and handle customer queries or complaints.
Google Analytics: The PlanRadar website uses Google Analytics, a web analytics service provided by Google Inc. (« Google »). Google Analytics uses so-called « cookies », text files that are stored on the user’s computer and that allow an analysis of the use of the website by the user. The information generated by the cookie about the use of the website (including the IP address) is transmitted to a Google server and stored there. Google will use this information for the purpose of evaluating the use of the website, compiling reports on website activity for website operators and providing other services related to website activity and internet usage. Google may also transfer this information to third parties if required by law or as far as third parties process this data on behalf of Google. Google will never associate the IP address with other data.The user can prevent the installation of cookies by setting the browser software accordingly; PlanRadar points out, however, that in this case the user may not be able to fully use all functions of the website. By using the website, the user agrees to the processing of the data collected about him by Google in the manner described above and for the aforementioned purpose.
The following categories of affected persons are subject to processing:
4. Duration of the agreement
The agreement ends with the completion of the data processing and the obligatory data deletion by PlanRadar.
5. Duties of PlanRadar
PlanRadar undertakes to process data only in the context of the client’s written orders. If PlanRadar receives an official order to publish data of the client, it must – insofar as legally permissible – inform the client immediately and refer it to the authority.
PlanRadar declares legally binding that all persons commissioned with data processing are obligated to confidentiality prior to commencement of the activity or that they are subject to an appropriate statutory confidentiality obligation.
PlanRadar declares legally binding that all necessary measures have been taken to ensure the security of processing under Art. 32 DSGVO.
PlanRadar takes the technical and organizational measures, so that the client can fulfill the rights of the data subject under Chapter III of the GDPR at any time (information, disclosure, correction and deletion, data portability, opposition, as well as automated decision-making in individual cases) within the statutory periods and leaves the customer all necessary information. If such a request is made to PlanRadar and it indicates that the applicant mistakenly considers it the principal of the data application operated by it, PlanRadar must immediately forward the request to the principal and notify the applicant.
With regard to the processing of the data provided by the customer, the client is granted the right to inspect and check at any time, even if it is also commissioned by third parties. PlanRadar undertakes to provide the client with the information necessary to control compliance with the obligations set out in this agreement.
PlanRadar is required after the termination of this agreement to destroy all processing results and records that contain data on behalf of the principal.
PlanRadar must immediately notify the client if PlanRadar believes that the client’s instructions violate the data protection provisions of the European Union or the member states.
6. Place of execution
All data processing activities are carried out exclusively within the EU or the EEA.
PlanRadar is adding the following subcontractors for hosting: A1 Telekom Austria AG and Amazon Web Services, Inc.
8. Obligations of the client
When handling personal data, the client will observe the provisions of the Data Protection Act and the Telecommunications Act and will take the technical and organizational measures required by the client for data protection in the area of responsibility.
The client undertakes, and in particular his employees, to comply with the provisions of the Data Protection Act.
The client takes all reasonable measures in his area of responsibility to protect the stored data and information against unauthorized access by third parties. PlanRadar is not responsible if third parties succeed in illegally gaining access to the data and information.
The client may invite other users (e.g., their subcontractors) to use the software for a specific project by entering their e-mail address (es). In this case, the client will obtain in advance the verifiable consent of the respective user for the use of his personal data.
9. Security Concept