Date of Last Revision: October 3rd, 2013
This annex specifies the data protection obligations of the parties which arise from the main contract you agree with your registration.
It applies to all activities performed in connection with the Main Contract. The term of this annex shall follow the term of the Main Contract.
(1) “Personal Data”
Personal Data means any individual element of information concerning the personal or material circumstances of an identified or identifiable individual.
Processing means processing of Personal Data on behalf, encompassing the storage, amendment, transfer, blocking or erasure of personal data by MailingBird ("Processor") and its staff acting on behalf of you ("Controller").
Instruction means the written instruction, issued by Controller to Processor, and directing the same to perform a specific action with regard to Personal Data (including, but not limited to, depersonalising, blocking, deletion, making available).
(1) Processor shall process Personal Data on behalf of Controller. Processing shall include such actions as may be specified in the Main Contract and in the scope of work. Within the scope of the Main Contract, you are solely responsible for complying with the statutory requirements relating to data protection, in particular regarding the transfer of Personal Data to the Service and the Processing of Personal Data (acting as “responsible body” as defined in § 3 para. 7 BDSG).
(2) Based on this responsibility, you are entitled to demand the rectification, deletion, blocking and making available of Personal Data during and after the term of the Main Contract.
(3) The regulations of this annex shall equally apply if testing or maintenance of automatic processes or of Processing equipment is performed and access to Personal Data in such context cannot be excluded.
(1) Within MailingBird's area of responsibility, we shall structure the internal corporate organisation to ensure compliance with the specific requirements of the protection of Personal Data. Processor will take the appropriate technical and organisational measures to adequately protect your Personal Data against misuse and loss in accordance with the requirements of the German Federal Data Protection Act (§ 9 BDSG). Such measures hereunder shall include, but not be limited to:
a) the prevention of unauthorised persons from gaining access to Personal Data Processing systems,
b) the prevention of Personal Data Processing systems from being used without authorisation,
c) ensuring that persons entitled to use a Personal Data Processing system gain access only to such Personal Data as they are entitled to access in accordance with their access rights, and that, in the course of processing or use and after storage, Personal Data cannot be read, copied, modified or deleted without authorisation,
d) ensuring that Personal Data cannot be read, copied, modified or deleted without authorisation during electronic transmission, transport or storage on storage media, and that the target entities for any transfer of Personal Data by means of data transmission facilities can be established and verified,
e) ensuring that Personal Data are processed solely in accordance with the Instructions,
f) ensuring that Personal Data are protected against accidental destruction or loss,
g) ensuring that Personal Data collected for different purposes can be processed separately.
A measure as referred to in lit. b to d above shall be in particular, but shall not be limited to, the use of state-of-the-art encryption technology.
(2) MailingBird will inform you without undue delay in case of a serious interruption of operations, suspicion of breaches of Personal Data protection, and any other irregularity in Processing your Data.
(1) Controller and Processor shall be separately responsible for conforming with such statutory data protection regulations as are applicable to them.
(2) Controller shall inform Processor without undue delay and comprehensively about any errors or irregularities related to statutory provisions on the Processing of Personal Data detected during a verification of the results of such Processing.
(3) Controller shall be obliged to maintain the publicly available register as defined in § 4g para. 2 sentence 2 of the German Federal Data Protection Act.
(4) Controller shall be responsible for fulfilling the duties to inform resulting from § 42a BDSG.
Where MailingBird, based upon applicable data protection law, is obliged to provide information to an individual about the collection, processing or use of its Personal Data, you shall assist in making this information available, provided that:
- Controller has instructed MailingBird in writing to do so, and
- Controller reimburses MailingBird for the costs arising from this assistance.
(1) Where your Data becomes subject to search and seizure, an attachment order, confiscation during bankruptcy or insolvency proceedings, or similar events or measures by third parties while being Processed, MailingBird shall inform you without undue delay. MailingBird shall, without undue delay, notify all pertinent parties in such action that any Personal Data affected thereby is in your sole property and area of responsibility.
(2) This agreement is governed by the laws of the Federal Republic of Germany.