Agreement on order processing pursuant to Art. 28 DSGVO.
Among others, PlanRadar processes personal data (such as name, e-mail address, etc.) that are collected from the client, processed on PlanRadar systems and stored for the purpose and duration required. In particular, the following activities are included:
2. Data types
The following types of data are regularly the subject of processing:
PlanRadar processes the data of the Customer and its users for the stated purposes and the Customer expressly agrees to this processing. The Customer may revoke his consent at any time.
Personal data: When registering, PlanRadar saves the e-mail address and personal password for log-in to the secure area of PlanRadar. PlanRadar also uses users’ e-mail address to provide users with system notifications when using the services (such as notification of new defects in a project) and information about PlanRadar’s system and products. PlanRadar also stores names, first names, telephone numbers, billing addresses (street, house numbers, postcodes, city, e-mail addresses), UID numbers and company names of Customers for the provision of services and their billing, based on the terms and conditions.
Files: In the context of the use of the services of PlanRadar, the Customer can save plans, photos, pictures, texts, audio information, etc. on a specific project on the web servers of PlanRadar. The stored files are made accessible to every user whom the Customer has activated for this project. The Customer may at any time delete the files and data stored by him.
Login data: If the user logs in to PlanRadar with his e-mail address and personal password, PlanRadar stores the login time and date. PlanRadar uses this data to detect and correct errors, improve the service, and handle customer queries or complaints.
Google Analytics: The PlanRadar website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on the user’s computer and that allow an analysis of the use of the website by the user. The information generated by the cookie about the use of the website (including the IP address) is transmitted to a Google server and stored there. Google will use this information for the purpose of evaluating the use of the website, compiling reports on website activity for website operators and providing other services related to website activity and internet usage. Google may also transfer this information to third parties if required by law or as far as third parties process this data on behalf of Google. Google will never associate the IP address with other data.The user can prevent the installation of cookies by setting the browser software accordingly; PlanRadar points out, however, that in this case the user may not be able to fully use all functions of the website. By using the website, the user agrees to the processing of the data collected about him by Google in the manner described above and for the aforementioned purpose.
The following categories of affected persons are subject to processing:
4. Duration of the agreement
The agreement ends with the completion of the data processing and the obligatory data deletion by PlanRadar.
5. Duties of PlanRadar
PlanRadar undertakes to process data only in the context of the Customer’s written orders. If PlanRadar receives an official order to publish data of the Customer, it must – insofar as legally permissible – inform the Customer immediately and refer it to the authority.
PlanRadar makes a legally binding declaration that all persons commissioned with data processing are obligated to confidentiality prior to commencement of the activity or that they are subject to an appropriate statutory confidentiality obligation.
PlanRadar makes a legally binding declaration that all necessary measures have been taken to ensure the security of processing under Art. 32 DSGVO.
PlanRadar takes the technical and organisational measures so that the client can fulfill the rights of the data subject under Chapter III of the GDPR at any time (information, disclosure, correction and deletion, data portability, opposition, as well as automated decision-making in individual cases) within the statutory periods and leaves the Customer all necessary information. If such a request is made to PlanRadar and it indicates that the applicant mistakenly considers it the principal of the data application operated by it, PlanRadar must immediately forward the request to the principal and notify the applicant.
With regard to the processing of the data provided by the Customer, the Customer is granted the right to inspect and check at any time, even if they commission a third party to do so. PlanRadar undertakes to provide the Customer with the information necessary to monitor compliance with the obligations set out in this agreement.
After the termination of this agreement, PlanRadar is required to destroy all processing results and records that contain data by order of the Customer.
PlanRadar must immediately notify the Customer if PlanRadar believes that the Customer’s instructions violate the data protection provisions of the European Union or the member states.
6. Place of execution
All data processing activities are carried out exclusively within the EU or the EEA.
PlanRadar uses the following subcontractor for hosting: Amazon Web Services, Inc.
8. Obligations of the Customer
When handling personal data, the Customer will observe the provisions of the Data Protection Act and the Telecommunications Act and comply with the technical and organisational measures required by the Customer for data protection in the area of responsibility.
The Customer and, in particular, his employees must undertakes to comply with the provisions of the Data Protection Act.
The Customer must take all reasonable measures in his area of responsibility to protect the stored data and information against unauthorised access by third parties. PlanRadar is not responsible if third parties succeed in illegally gaining access to the data and information.
The Customer may invite other users (e.g., their subcontractors) to use the software for a specific project by entering their e-mail address (es). In this case, the Customer must obtain the verifiable consent of the respective user in advance for the use of his personal data.
9. Security Concept