Data Protection Agreement MEETYOO Go

MEETYOO Header Background

General Agreement on Order Processing MEETYOO Go
in accordance with Art. 28 (3) of the General Data Protection Regulation (GDPR)
 

§1 Completion of the contract

In accordance with the following conditions, an order processing agreement is concluded between meetyoo (meetyoo conferencing GmbH, Friedrichstrasse 200, 10117 Berlin as the processor) and any company that uses MEETYOO Go services provided by the contractor (hereinafter referred to as the "client").

 

§2 Scope and responsibility

meetyoo processes personal data on behalf of and according to the instructions of the client. This includes activities that are specified in the main contract and in the service description. Within the scope of this contract, the client is solely responsible for compliance with the statutory provisions of data protection laws, in particular for the lawfulness of the transfer of data to the contractor as well as for the lawfulness of the data processing ("responsible party" within the meaning of Art. 4 No. 7 DSGVO).

(1) Where the term "data processing" or "processing" of data is used in this Agreement, it shall be understood to mean the use of personal data in general. Reference is made to the further definitions in Art. 4 No. 2 GDPR.

(2) The instructions shall initially be stipulated by the contract and may thereafter be amended, supplemented, or replaced by the Client in writing or in an electronic format (text form) to the office designated by the Contractor by means of individual instructions (individual instructions). Instructions not provided in the contract shall be treated as a request for a change in performance. Verbal instructions shall be confirmed immediately in writing or in text form.

 

§3 Subject matter, duration, and specification of the commissioned processing

(1) The subject of this contract on the processing of data on behalf is the provision of the service MEETYOO Go within the scope agreed with meetyoo, in accordance with the underlying main contract.

(2) The term of this agreement shall be governed by the provisions of the underlying principal contract.

(3) The following provisions apply to all services of commissioned data processing within the meaning of Art. 28 Para. 3 of the General Data Protection Regulation (DSGVO) that meetyoo provides to the client. The agreement thus also applies to further orders until further notice.

(4) In particular, the following data are part of the data processing:

a) Data types/data categories: 

Users of the MEETYOO Go event portal (account holders/administrators)
-Contact details (name, e-mail address, mobile phone no.)
-IP address, log files, cookies (session ID), password
-Contract data
-Payment data

Participants of the virtual event 
-Contact details (name, company, e-mail address)
-IP address, log files, password
-Contract data (online registration)
-Statistical (anonymized) behavioral data
-Video image /chat content
 

b) Group of persons affected by the data processing

(1) User of the event portal MEETYOO Go (account holder/administrator) 

(2) Participants of the virtual event (e.g. customers, employees, interested parties)
 

c) Nature and purpose of the data processing: 

Type of data processing

Any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Art. 4 No. 2 GDPR).

Purposes of data processing

-Settlement
-Access data management
-Provision of reports for the client
-Customer login
-File exchange/storage
-Chat
-On-Demand Webcast (online video recording)
-Webcam/video transmission
 

§4 Rights and obligations of the principal

(1) The client alone is responsible for assessing the permissibility of the data collection, processing, and use, as well as for safeguarding the rights of the data subjects, and is thus the responsible party pursuant to Art. 4 No. 7 DSGVO.

(2) The Client is entitled to issue instructions on the type, scope, and procedure of data processing. Instructions can only be given in text form. Any remuneration of additional expenses incurred by meetyoo due to supplementary instructions of the client will be negotiated separately.

(3) The client shall inform meetyoo without delay if errors or irregularities are detected in connection with the processing of personal data by meetyoo.

(4) The client is responsible for the legality of the collection, processing, and use of the client's data as well as for the protection of the rights of the persons concerned. Should third parties assert claims against meetyoo on the basis of the collection, processing, or use of client data, the client shall indemnify meetyoo against all such claims upon the first request.

(5) The client is entitled, before the start of data processing and thereafter in consultation with meetyoo, to regularly satisfy himself of compliance with the technical and organizational measures taken by meetyoo for data security. The client may also have this control carried out by a third party. 

(6) In the event of an information obligation pursuant to Art. 33, 34 DSGVO, §15a TMG, the client shall be responsible for compliance therewith.
 

§5 Obligations of meetyoo

(1) Data processing

a) meetyoo is obliged to process personal data exclusively within the framework of the agreements made and in accordance with the instructions of the client. Any processing of data deviating from this is prohibited by meetyoo. meetyoo is obliged not to process the data provided for data processing for any other purposes, in particular not for its own purposes. 

b) Copies or duplicates may not be made unless this is the subject of the order, this is necessary to comply with statutory retention obligations or the client has given his express written consent to this.

 

(2) Correction, deletion, and blocking of data

a) meetyoo must correct, delete or block the personal data collected, processed or used on behalf of the client on the client's instructions. The same applies if this agreement provides for the correction, deletion or blocking of data. 

b) Insofar as a data subject contacts meetyoo directly for the purpose of correcting, deleting or blocking his/her data, meetyoo is obliged to forward this request to the client immediately upon receipt.

c) meetyoo supports the client as far as possible with requests from data subjects regarding information, restriction of processing, data portability and objections.

 

(3) Control obligations

a) meetyoo undertakes to ensure by means of appropriate controls that the personal data collected, processed or used on behalf of meetyoo are processed exclusively in accordance with this agreement and/or the underlying contract and/or the relevant instructions. 

b) meetyoo confirms that it has appointed an external data protection officer in accordance with Art. 37 DSGVO and monitors compliance with data protection and data security regulations with the involvement of the data protection officer. The data protection officer is:
Kent Schwirz, PROTEKTO DATA FUSE GmbH, Wendenstraße 279, 20537 HamburgTelephone 
040 - 42236924, datenschutz [at] protekto.group


(4) Information requirements

a) meetyoo will immediately draw the client's attention to the fact if, in its opinion, an instruction issued by the client violates legal regulations. meetyoo is entitled to suspend the implementation of the corresponding instruction until it is confirmed or amended by the person responsible at the client's premises.

b) meetyoo is obliged to notify the client immediately of any infringement of data protection regulations, of the contractual agreements made and/or of the instructions issued by the client which has occurred in the course of the processing of data by it or by other persons entrusted with the processing.
 

(5) Place of data processing

The collection, processing, and use of the client data shall generally take place in the territory of the Federal Republic of Germany, in another member state of the European Union or in another contracting state of the Agreement on the European Economic Area (EEA). Irrespective of the fact that a collection, processing or use of client data outside the EEA may not be subject to the privilege of Art. 28 DSGVO, meetyoo is permitted to process client data in compliance with the provisions of this contract also outside the EEA if it has informed the client in advance of the location of the data processing and has verified compliance with the technical and organizational measures taken in an appropriate form as well as guarantees pursuant to Art. 44 et seq. DSGVO.


(6) Deletion of personal data after termination of the order

After termination of the contract, meetyoo is obliged to delete or hand over to the client all personal data, documents and processing and utilisation results in its possession which are connected with the contractual relationship, in compliance with data protection and data security and in accordance with the instructions of the client. This does not apply to personal data for which meetyoo is obliged to store data in accordance with EU law or the law of the member states.
 

§6 Data protection control

(1) meetyoo shall provide the client with evidence of compliance with the obligations set out in this contract by means of a certified information security management system in accordance with ISO 27001. The current certificate can be viewed under the following link: 
https://www.certipedia.com/quality_marks/9105037096?locale=en

(2) meetyoo grants the client the right to personally inspect compliance with the regulations on data protection and the contractual agreements to the required extent during normal business hours. In doing so, the client will take meetyoo's operational procedures into account and give at least ten days' notice of inspections.

(3) meetyoo will support the client in carrying out checks and cooperate in the complete and speedy processing. Any costs incurred as a result of a check shall be borne by the client.

(4) Upon written request, meetyoo is obliged to provide the client with information within a reasonable period of time, insofar as this is necessary to carry out the control. 

(5) meetyoo must tolerate any control measures by the data protection supervisory authority and will inform the client, insofar as personal data of the client are affected by a control measure, immediately after becoming aware of the implementation of the control measure.
 

§7 Subcontracting relationships

(1) The commissioning of subcontractors for the fulfillment of the order is only permitted with the written consent of the client. meetyoo assures that it has carefully selected the subcontractor with particular regard to the suitability of the technical and organizational measures it has taken.

(2) he contractually agreed services or the partial services described below shall be carried out using the following subcontractors:


MEETYOO GO Services

Name/Company:                              Amazon Web Services EMEA SARL
Function/Activity:                             Provision of server capacities at the Frankfurt/Backup Paris site
Registered office [city, country]:     Luxembourg, Luxembourg
Certification:                                     Privacy Shield, ISO 9001, ISO 27001, ISO 27017, ISO 27018

Name/Company:                              Anotheria solutions GmbH
Function/Activity:                             Customer support  
Registered office [city, country]:     Hamburg, Germany

 

3) The client agrees that meetyoo may use subcontractors. Before calling in or replacing subcontractors, meetyoo will inform the client. The client may object to the change within a period of ten days for a good cause. If no objection is made within this period, the change will be deemed to have been accepted.

(4) No consent is required for the involvement of subcontractors where the subcontractor merely makes use of an ancillary service to support the provision of services under the main contract, even if access to the client's data cannot be ruled out in the process (transport services of postal or courier services as well as money transport services, etc.). meetyoo will conclude confidentiality agreements customary in the industry with such subcontractors.

(5) The subcontracting data processing agreement must have an adequate level of protection comparable to that of this contract. meetyoo will regularly check compliance with the subcontractor's obligations. meetyoo must in particular check in advance and regularly during the term of the contract that the subcontractor has taken the technical and organizational measures for the protection of personal data required under Article 32 (1) DSGVO.

(6) The transfer of data to the subcontractor is permissible if the subcontractor has fulfilled the obligation pursuant to Article 28 of the GDPR.

(7) The commitment of the subcontractor must be made in writing. The written commitment shall be provided to the Client upon request.

(8) The client hereby authorizes meetyoo, on behalf of the client, to conclude a contract with a subcontractor that processes or uses client data outside the EEA, incorporating the EU standard contractual clauses for the transfer of personal data to processors in third countries. The Client agrees to cooperate to the extent necessary in fulfilling the requirements pursuant to Art. 49 DSGVO.
 

§8 Data secrecy and confidentiality

(1) When processing data for the client, meetyoo is obliged to maintain data secrecy within the meaning of Art. 5 and Art. 29 DSGVO or to maintain confidentiality about data.

(2) In fulfilling the order, meetyoo undertakes to use only employees who are bound to data secrecy or confidentiality in the sense of Art. 5 and Art. 29 DSGVO and who have been familiarised with the requirements of data protection in an appropriate manner. The duty of confidentiality shall continue to exist after termination of the order.
 

§9 Technical and organizational measures

(1) meetyoo is certified according to ISO 27001. You can view the current certificate at the following link: https://www.certipedia.com/quality_marks/9105037096?locale=en

(2) The technical and organizational measures are described on the meetyoo website Annex Toms 1 and are defined as binding. They comply with the requirements according to Art. 32 DSGVO. The technical and organizational measures can be adapted in the course of the contractual relationship. 

(3) Within the information security management, meetyoo assures to fulfill its obligations according to Art. 32 para. 1 lit. d) DSGVO to implement a procedure for the regular review of the effectiveness of the technical and organizational measures to ensure the security of the processing. 

(4) meetyoo shall notify the client without delay of any disruptions, infringements by meetyoo or persons employed by it of data protection provisions or the stipulations made in this agreement, as well as of any suspected data protection infringements or irregularities in the processing of personal data. meetyoo assures to support the client in its obligations under Art. 32 to 36 DSGVO.
 

§10 Contact

(1) In the event of any data protection issues within the context of the Contract, the following contact is  at your disposal:
Rico Hengstmann, Compliance, meetyoo conferencing GmbH, Friedrichstr. 200, 10117 Berlin, Phone 030 - 868 710 400, datenschutz [at] meetyoo.de  

 

§11 Other

(1) In the event of any inconsistency between the provisions in this Agreement and the provisions of the Main Contract, the provisions of this Agreement shall prevail.

(2) Amendments and supplements to this agreement must be made in writing and must expressly state that they amend and/or supplement these provisions. This also applies to the waiver of this formal requirement.

(3) If any provision of this Agreement is or becomes invalid or unenforceable, the remaining provisions of this Agreement shall not be affected thereby. The invalid or unenforceable provision shall be replaced by a valid and enforceable provision which comes as close as possible to the purpose of the replacing provision.

(4) With regard to the limitation of liability of meetyoo, the choice of law and the place of jurisdiction, reference is made to the underlying service contract with meetyoo.

 

Appendix 1: Technical and organisational measures at meetyoo
 

Image
Meetyoo wave navy
Want to consult a virtual event expert for free?Schedule appoinment