Data Protection Agreement MEETYOO Pro & Show
Disclaimer: Click in one of the following buttons to read the respective "Data Protection Agreement" for your location:
EU and rest of the world
General Agreement on Order Processing
in accordance with Art. 28 (3) of the General Data Protection Regulation (GDPR)
(As at 1.6.2022)
§1 Completion of the contract
In accordance with the following conditions, an order processing contract is concluded between meetyoo (meetyoo conferencing GmbH, Friedrichstrasse 200, 10117 Berlin, Berlin, Germany) and any company that uses the contractor's services (hereinafter referred to as the "client").
§2 Scope of application and responsibility
meetyoo shall process personal data on behalf of, and in accordance with the instructions given by, the Contracting Authority. This shall include activities specified in the Contract and in the service description. Within the context of this Contract, the Contracting Authority shall bear sole responsibility for the observance of the statutory provisions of the data protection laws, in particular for the legality of the data transfer to the contractor as well as being solely responsible for the legality of the processing of the data ("Responsible Body" within the sense of Art. 4 No. 7 GDPR).
(1) To the extent that the terms "data processing" or "processing" of data are used in this Agreement, this shall be understood as the general usage of personal data. Reference is made to the further definitions in Art. 4 No. 2 GDPR.
(2) The instructions are initially determined by the Contract and the Contracting Authority may then amend, supplement or replace such with individual instructions (single instruction) in written form or in an electronic format (text form) to the body designated by the contractor. Instructions that have not been provided for in the Contract, shall be treated as a request for a change in performance. Verbal instructions shall be immediately confirmed either in writing or in text form.
§3 Subject matter, duration, and specification of the order processing
(1) The subject of the contract is the provision of internet and telephone-based presentation and conference media within the framework of the scope agreed with meetyoo, in accordance with the underlying contract.
(2) The term of this Agreement shall be determined in accordance with the provisions of the underlying contract.
(3) The following provisions shall apply to all order data processing services within the sense of Art. 28. (3) General Data Protection Regulation (GDPR), which meetyoo provides vis-à-vis the Contracting Authority. The Agreement shall therefore also apply for further orders until further notice.
(4) In particular, the following data shall form a component part of the data processing:
a) Types of data/data categories:
General
-Personal data
-Contact Information
-Contract data
-Payment information
-Behavioural data
-Usage data from telemedia services or telecommunications services
-Employers
-Voice data
Web Services
-Screen information
-Video image
-IP address
-Chat content
-Image (speakers’ photos)
Circle of persons affected by the data processing
-Customers
-Contracting authorities
-Interested parties
-Employees
-Applicants
-Suppliers
-Service providers
-Business partners
-Shareholders
-Conference participants
The circle of persons affected by the handling of the personal data within the context of the underlying contract shall be dependent upon for which group of people the Contracting Authority engages services of meetyoo.
c) Nature and purpose of the data processing:
General
-Billing
-Access data management
-Reports for the client
-Customer login
-Use of the telemedia/telecommunications service
-File sharing/storage
Telephone Services
-International fixed-line and mobile dial-up
-Dial-out option, calling of conference participants upon request
-Conference recording (Voice Recording)
-Voice communication (telephone conference)
Web Services
-Chat
-OnDemand webcast (online video recording)
-Webcam/Video transmission
§4 Rights and obligations of the Contracting Authority
(1) The Contracting Authority shall bear sole responsibility for the assessment of the admissibility of the data collection, processing and usage and for the safeguarding of the rights of the persons affected and is thus a Responsible Body in accordance with Art. 4 No. 7 GDPR.
(2) The Contracting Authority shall be entitled to issue instructions concerning the nature, scope and methods of data processing. Instructions may only be made in text form. Any remuneration for additional expenses incurred by meetyoo as a result of the supplementary instructions of the Contracting Authority shall be negotiated separately.
(3)The Contracting Authority shall inform meetyoo immediately if errors or irregularities are determined in connection with the processing of personal data by meetyoo.
(4) The Contracting Authority shall be responsible for the legality of the collection, processing and use of the data of the Contracting Authority and for the safeguarding of the rights of the persons affected. Should a third party assert claims against meetyoo due to the collection, processing or use of Contracting Authority data, the Contracting Authority shall exempt meetyoo from all such claims upon first demand.
(5) Prior to the commencement of data processing and then, in consultation with meetyoo on a regular basis, the Contracting Authority shall be entitled to assure itself of the observance of the technical and organizational measures for data security being taken by meetyoo. The Contracting Authority may also have these checks carried out by a third party. Where necessary, the costs incurred as a result of carrying out an inspection shall be borne by the Contracting Authority.
(6) In the event of an information obligation in accordance with Art. 33, 34 GDPR, §15a TMG (German Telemedia Act) or § 109a TKG (German Telecommunications Act), the Contracting Authority shall be responsible for compliance with such.
§5 Obligations of meetyoo
(1) Data processing
a) Meetyoo shall be obliged to process personal data exclusively within the framework of the agreements made and in accordance with the instructions of the Contracting Authority. Any processing of data in deviation from this shall be prohibited. meetyoo shall be obliged to not process the data transferred for data processing for any other purpose; especially not for its own purposes.
b) Copies or duplicates may not be created unless this is the subject matter of the contract, necessary to ensure compliance with statutory retention obligations or if the Contracting Authority has given its express written consent.
(2) Rectification and deletion of data, restriction of processing and data subject requests.
a) On the instructions of the Contracting Authority, meetyoo shall rectify, delete or restrict the processing of personal data that is collected, processed or used in the order. The same shall apply if this Agreement provides for rectification or deletion of data or restriction of processing.
b) Should an affected person turn directly to meetyoo for the purpose of rectification, deletion or for the purpose of restricting processing of his/her data, meetyoo shall be obliged to forward this request to the Contracting Authority immediately upon receipt.
(3) Support in the event of data protection violations, further support services
meetyoo shall notify the Contracting Authority without delay of any disruptions, infringements by meetyoo or the persons employed by it of data protection provisions or the stipulations made in this agreement, as well as any suspected data protection infringements or irregularities in the processing of personal data. meetyoo assures to support the Contracting Authority in its obligations pursuant to Art. 32 to 36 GDPR.
(4) Duties of control
a) By means of appropriate controls, meetyoo undertakes to ensure that the personal data collected, processed or used in the order is processed exclusively in accordance with the provisions of this Agreement and/or the underlying contract and/or the relevant instructions.
b) meetyoo confirms that, in accordance with Art. 37 GDPR, it has commissioned an external data protection officer and that it monitors compliance with the rules on data protection and data security with the involvement of the data protection officer. Data protection officer:
Deutsche Datenschutz Consult GmbH (external data protection officer)
Stresemannstr. 29
22769 Hamburg
Internet: ddsc.de
E-mail: dpo [at] meetyoo.com
(5) Information requirements
a) If, in its opinion, an instruction issued by the Contracting Authority violates legal regulations, meetyoo shall make the Contracting Authority aware of this immediately. meetyoo shall be entitled to halt the implementation of the corresponding instruction until the responsible person at the Contracting Authority has confirmed the correctness of such or has modified it.
b) meetyoo shall be obliged to immediately inform the Contracting Authority of every breach of General Data Protection Regulations, of the contractual agreements and/or the instructions issued by the Contracting Authority, which have arisen in the course of the processing of data by it or by other persons commissioned therewith.
(6) Location of data processing
The collection, processing and use of the data of the Contracting Authority shall generally be carried out within the territory of the Federal Republic of Germany, in another Member State of the European Union or in another state which is party to the Agreement on the European Economic Area (EEA). meetyoo is permitted to process the contractual data outside the EEA, provided that the requirements pursuant to 44 et seq. GDPR are complied with.
(7) Deletion of personal data after completion of an order
Following the termination of the Contract, meetyoo shall be obliged to delete all personal data, documents and processing and usage results that have been created, which are in connection with the contractual relationship and which have come into its possession in a data protection and data security compliant manner and in accordance with the instructions of the Contracting Authority or to hand such over to the Contracting Authority. Excluded from this is personal data for which meetyoo has an obligation to store in accordance with Union law or the law of the member states.
§6 Data protection control
(1) meetyoo proves to the Contracting Authority compliance with the assured measures with regard to information security management by means of certification in accordance with ISO 27001. The current certificate can be viewed in the following link: https://www.certipedia.com/quality_marks/9105037096?locale=en  &nb…;
(2) To the extent necessary, meetyoo shall grant the Contracting Authority the right to personally assure itself during normal working hours of compliance with the General Data Protection Regulations and the contractual agreements. In doing so, the Contracting Authority shall take meetyoo’s operational processes into account and announce such checks at least 10 days in advance.
(3) meetyoo shall support the Contracting Authority in the implementation of checks and collaborate in the full and speedy implementation of the same. Where necessary, the costs incurred as a result of carrying out an inspection shall be borne by the Contracting Authority.
(4) Upon written request and within a reasonable period of time, meetyoo shall be obliged to furnish the Contracting Authority with information to the extent necessary for the implementation of the check.
(5) meetyoo shall have to tolerate any control measures put in place by the Data Protection Supervisory Authority and shall notify the Contracting Authority insofar as personal data of the Contracting Authority is affected by a control measure immediately after gaining knowledge of the implementation of the said control measure.
§7 Subcontractual relationships
(1) The commissioning of subcontractors for the purpose of fulfilling an order shall only be permitted with the written consent of the Contracting Authority. meetyoo shall ensure that the subcontractors are selected with special consideration given to the suitability of the technical and organizational measures deployed by them.
(2) The contractually agreed services or the partial services described below shall be carried out with the involvement of the following subcontractors:
a) Web Service:
Name/Company: Amazon Web Services EMEA SARL
Function/activity: Provision of server capacities in Frankfurt
Headquarters [City, Country]: Luxembourg, Luxembourg
Certification: Concluded EU Standard Contractual Clauses, ISO 9001, ISO 27001, ISO 27017, ISO 27018
b) Telephone conference service:
Name/Company: Plusnet GmbH
Function/activity: Dial-in numbers provision (carrier)
Headquarters [City, Country]: Berlin, Germany
(3) Contracting Authority before taking recourse to replace the subcontractors. The Contracting Authority may, within a period of 10 days, object to the change vis-a-vis meetyoo where good grounds exist. Should no objection be raised within the period, consent shall be deemed to have been given to the change.
(4) No consent shall be required for the involvement of subcontractors, where the subcontractor will only provide an ancillary service to assist in the performance as per the main contract, even if access to the Contracting Authority data cannot be excluded as a result (transport services provided by postal or courier services and cash transportation services, etc.) meetyoo shall conclude industry-standard confidentiality agreements with such subcontractors.
(5) The agreement to subcontract data processing must provide evidence of an adequate level of protection, which is comparable to that of this Contract. meetyoo shall regularly check compliance with the obligations of the subcontractor. In advance and during the term of the contract, meetyoo shall particularly ensure that the subcontractor has taken the necessary technical and organizational measures, as per Art. 32 (1) GDPR, to protect personal data.
(6) The transfer of data to subcontractors is permissible if a contract processing agreement has been concluded with them that meets the requirements of Art. 28 GDPR. If the use of the subcontractor results in the processing of personal data in third countries that are the subject of the order, meetyoo shall ensure that guarantees have been agreed with this subcontractor in accordance with Art. 44 et seq. GDPR have been agreed upon.
(7) The obligation of the subcontractor must be made in writing. Upon request, this obligation shall be communicated to the Contracting Authority.
(8) The Contracting Authority hereby authorizes meetyoo, in the representation of the Contracting Authority, to conclude a contract with a subcontractor, which shall process or use Contracting Authority data outside of the EEA, whereby the EU standard contractual clauses for the transfer of personal data to order processors in third countries shall be included. The Contracting Authority declares itself to be prepared to co-operate in the fulfillment of the conditions of Art. 49 GDPR to the necessary extent.
§8 Data secrecy and confidentiality
(1) When processing data for the Contracting Authority, meetyoo shall be obliged to maintain data secrecy within the sense of the Art. 5 and Art. 29 GDPR or to maintain confidentiality concerning data.
(2) meetyoo undertakes only to use employees in the implementation of the order who have been obliged to data secrecy or confidentiality in the sense of Art. 5 and Art. 29 GDPR and have been made familiar with the requirements of data protection in an appropriate manner. The data secrecy obligation shall continue to apply following the end of the order.
§9 Technical and organizational measures
(1) meetyoo is certified in accordance with ISO 27001. The current certificate can be found in the following link: https://www.certipedia.com/quality_marks/9105037096?locale=en
(2) The technical and organizational measures described in Appendix 1 shall be deemed to be binding and meet the requirements in accordance with Art. 32 GDPR. The technical and organizational measures may be adapted in the course of the contractual relationship. Major changes must be agreed upon in writing.
(3) Within the information security management, meetyoo shall ensure compliance with its obligations as per Art. 32(1) lit. d) GDPR and to implement a procedure for regular review of the effectiveness of the technical and organizational measures to ensure the security of processing.
§10 Contact person
(1) In the event of any data protection issues within the context of the Contract, the following contact is at your disposal:
Rico Hengstmann, Compliance
meetyoo conferencing GmbH, Friedrichstr. 200, 10117 Berlin, Telephone +4930 – 868 710 400, privacy [at] meetyoo.com
§11 Miscellaneous
(1) In the event of contradictions between the provisions of this Agreement and the provisions of the Contract, the provisions of this Agreement shall take precedence.
(2) Changes and additions to this Agreement must be made in writing and shall require the express indication that the present provisions are being amended and/or supplemented thereby. This shall also apply to any waiver of the written form requirement.
(3) Should any provision of this Agreement be or become invalid or unenforceable, the remaining provisions of this Agreement shall remain unaffected by this. The invalid or unenforceable provision shall be replaced by a valid and enforceable provision that comes closest to the purpose of the provision to be replaced.
(4) With respect to meetyoo’s limitation of liability, the election of the board, and the court of jurisdiction, reference shall be made to the underlying contract of services with meetyoo.
Appendix 1: Technical and organisational measures protective measures at meetyoo
North America
MEETYOO Inc.
General Agreement on Order Processing
in accordance with Art. 28 (3) of the General Data Protection Regulation (GDPR)
(Last update: 1.6.2022)
§ 1 Completion of the contract
In accordance with the following conditions, an order processing contract is concluded between MEETYOO Inc., 80 Pine Street, Floor 24 New York, NY 10005, USA hereinafter referred to as " meetyoo ”) and any company that uses the contractor's services (hereinafter referred to as the " Contracting Authority ").
§ 2 Scope of application and responsibility
meetyoo shall process personal data on behalf of, and in accordance with the instructions given by, the Contracting Authority. This shall include activities specified in the Contract and in the service description. Within the context of this Contract, the Contracting Authority shall bear sole responsibility for the observance of the statutory provisions of the data protection laws, in particular for the legality of the data transfer to the contractor as well as being solely responsible for the legality of the processing of the data ("Responsible Body" within the sense of Art. 4 No. 7 GDPR).
1. To the extent that the terms "data processing" or "processing" of data are used in this Agreement, this shall be understood as the general usage of personal data. Reference is made to the further definitions in Art. 4 No. 2 GDPR.
2. “U.S. Data Protection Laws” shall refer to the California Consumer Privacy Act of 2018 ("CCPA"), as amended by the California Privacy Rights and Enforcement Act of 2020 ("CPRA") (effective January 1, 2023), the Virginia Consumer Data Protection Act (effective January 2023) (“VCDPA”), and the Colorado Privacy Act (effective July 2023) (“CPA”).
3. The instructions are initially determined by the Contract and the Contracting Authority may then amend, supplement or replace such with individual instructions (single instruction) in written form or in an electronic format (text form) to the body designated by the contractor. Instructions that have not been provided for in the Contract, shall be treated as a request for a change in performance. Verbal instructions shall be immediately confirmed either in writing or in text form.
§ 3 Subject matter, duration and specification of the order processing
1. The subject of the Contract is the provision of internet and telephone-based presentation and conference media within the framework of the scope agreed with meetyoo, in accordance with the underlying contract.
2. The term of this Agreement shall be determined in accordance with the provisions of the underlying contract.
3. The following provisions shall apply to all order data processing services within the sense of Art. 28. (3) General Data Protection Regulation (GDPR), which meetyoo provides vis-à-vis the Contracting Authority. The Agreement shall therefore also apply for further orders until further notice.
4. In particular, the following data shall form a component part of the data processing:
a) Types of data/data categories:
General
Personal data
- Contact Information
- Contract data
- Payment information
- Behavioural data
- Usage data from telemedia services or telecommunications services
- Employers
- Voice data
Web Services
- Screen information
- Video image
- IP address
- Chat content
- Image (speakers’ photos)
b) Circle of persons affected by the data processing
- Customers
- Contracting authorities
- Interested parties
- Employees
- Applicants
- Suppliers
- Service providers
- Business partners
- Shareholders
- Conference participants
The circle of persons affected by the handling of the personal data within the context of the underlying contract shall be dependent upon for which group of people the Contracting Authority engages services of meetyoo.
c) Nature and purpose of the data processing:
- Storing
- Changing
- Submitting
- Blocking
- Deleting
General
- Billing
- Access data management
- Reports for the client
- Customer login
- Use of the telemedia/telecommunications service
- File sharing/storage
Telephone Services
- International fixed-line and mobile dial-up
- Dial-out option, calling of conference participants upon request
- Conference recording (Voice Recording)
- Voice communication (telephone conference)
Web Services
- Chat
- OnDemand webcast (online video recording)
- Webcam/Video transmission
§ 4 Rights and obligations of the Contracting Authority
1. The Contracting Authority shall bear sole responsibility for the assessment of the admissibility of the data collection, processing and usage and for the safeguarding of the rights of the persons affected and is thus a Responsible Body in accordance with Art. 4 No. 7 GDPR.
2. The Contracting Authority shall be entitled to issue instructions concerning the nature, scope and methods of data processing. Instructions may only be made in text form. Any remuneration for additional expenses incurred by meetyoo as a result of the supplementary instructions of the Contracting Authority shall be negotiated separately.
3. The Contracting Authority shall inform meetyoo immediately if errors or irregularities are determined in connection with the processing of personal data by meetyoo.
4. The Contracting Authority shall be responsible for the legality of the collection, processing and use of the data of the Contracting Authority and for the safeguarding of the rights of the persons affected. Should a third party assert claims against meetyoo due to the collection, processing or use of Contracting Authority data, the Contracting Authority shall exempt meetyoo from all such claims upon first demand.
5. The Contracting Authority agrees that it will provide notice to the persons affected, where required by the GDPR and/or U.S. Data Protection Laws, of any meetyoo trackers, provided that the Contracting Authority must only provide general notice of tracking technologies and such requirement shall not obligate the Contracting Authority to specifically name meetyoo.
6. Prior to the commencement of data processing and then, in consultation with meetyoo on a regular basis, the Contracting Authority shall be entitled to assure itself of the observance of the technical and organisational measures for data security being taken by meetyoo. The Contracting Authority may also have these checks carried out by a third party.
7. In the event of an information obligation in accordance with Art. 33, 34 GDPR, the Contracting Authority shall be responsible for compliance with such.
§ 5 Obligations of meetyoo
1. Data processing
a) meetyoo shall be obliged to process personal data exclusively within the framework of the agreements made and in accordance with the instructions of the Contracting Authority. Any processing of data in deviation from this shall be prohibited. meetyoo shall be obliged to not process the data transferred for data processing for any other purpose; especially not for its own purposes.
b) Copies or duplicates may not be created unless this is the subject matter of the contract, necessary to ensure compliance with statutory retention obligations or if the Contracting Authority has given its express written consent.
c) meetyoo supports the Contracting Authority regarding any request of the data subject in terms of information, restriction of processing and contradiction.
2. Rectification, transmission, deletion and blocking of data
a) On the instructions of the Contracting Authority, meetyoo shall rectify, delete or block the personal data that is collected, processed or used in the order. The same shall apply if this Agreement provides for a rectification, deletion or blocking of data.
b) Should an affected person turn directly to meetyoo for the purpose of rectification, deletion or blocking of his/her data, meetyoo shall be obliged to forward this request to the Contracting Authority immediately upon receipt and either provide the Contracting Authority with the ability to rectify or, as the case may be, erase, restrict, or transmit to another third party the affected personal data or, if such ability cannot be provided, meetyoo shall provide the necessary assistance to rectify or, as the case may be, erase, restrict, or transmit to another third party the affected personal data.
c) The obligations in this paragraph shall apply with respect to personal data that is “personal information” subject to the CCPA and/or CPRA, and shall be in addition to any obligations elsewhere in this Agreement. Where meetyoo receives an opt-out of sale or sharing request, meetyoo shall become a “service provider” as that term is defined by the CCPA/CPRA. In such context, meetyoo agrees and certifies that it shall not (i) sell or share personal information; (ii) retain, use, or disclose personal information for any purpose, including a commercial purpose, other than for the business purpose of performing its services under the Contract; (iii) retain, use, or disclose personal information outside of the direct business relationship between meetyoo and the Contracting Authority; or (v) combine the personal information that meetyoo receives with personal information that meetyoo receives from or on behalf of another data subject or data subjects, or collects from its own interaction with the data subject.
3. Duties of control
a) By means of appropriate controls, meetyoo undertakes to ensure that the personal data collected, processed or used in the order is processed exclusively in accordance with the provisions of this Agreement and/or the underlying contract and/or the relevant instructions.
b) meetyoo confirms that, in accordance with Art. 37 GDPR, it has commissioned an external data protection officer and that it monitors compliance with the rules on data protection and data security with the involvement of the data protection officer. Data protection officer:
Deutsche Datenschutz Consult GmbH (external data protection officer), Stresemannstr. 29
22769 Hamburg, Germany
Internet: ddsc.de
E-mail: dpo [at] meetyoo.com
4. Information requirements
a) If, in its opinion, an instruction issued by the Contracting Authority violates legal regulations, meetyoo shall make the Contracting Authority aware this immediately. meetyoo shall be entitled to halt the implementation of the corresponding instruction until the responsible person at the Contracting Authority has confirmed the correctness of such or has modified it.
b) meetyoo shall be obliged to immediately inform the Contracting Authority of every breach of General Data Protection Regulations, of the contractual agreements and/or the instructions issued by the Contracting Authority, which have arisen in the course of the processing of data by it or by other persons commissioned therewith.
5. Location of data processing
The collection, processing and use of the data of the Contracting Authority shall generally be carried out within the territory of the Federal Republic of Germany, in another Member State of the European Union or in another state which is party to the Agreement on the European Economic Area (EEA). Regardless of the fact that the collection, processing or use of Contracting Authority data outside of the EEA may possibly not be subject to the privileged status of Art. 8 GDPR, meetyoo shall be entitled to process the Contracting Authority data in compliance with the provisions of this Contract even outside of the EEA only if the Contracting Authority is informed in advance with regard to the location of the data processing and has checked compliance with the technical and organisational measures taken in an appropriate form and the guarantees in accordance with Art. 44 ff. DSGVO.
6. Deletion of personal data after completion of an order
Following the termination of the Contract, meetyoo shall be obliged to delete all personal data, documents and processing and usage results that have been created, which are in connection with the contractual relationship and which have come into its possession in a data protection and data security compliant manner and in accordance with the instructions of the Contracting Authority or to hand such over to the Contracting Authority. Excluded from this is personal data for which meetyoo has an obligation to store in accordance with Union law or the law of the member states.
§ 6 Data protection control
1. meetyoo shall provide the Contracting Authority with evidence of the observance of the obligations laid down in this Contract by means of certified information security management in accordance with ISO 27001. The current certificate can be viewed at the following link:
https://www.certipedia.com/quality_marks/9105037096?locale=de
2. To the extent necessary, meetyoo shall grant the Contracting Authority the right to personally assure itself during normal working hours of the compliance with the General Data Protection Regulations and the contractual agreements. In doing so, the Contracting Authority shall take meetyoo’s operational processes into account and announce such checks at least 10 days in advance.
3. meetyoo shall support the Contracting Authority in the implementation of checks and collaborate in the full and speedy implementation of the same. Where necessary, the costs incurred as a result of carrying out an inspection shall be borne by the Contracting Authority.
4. Upon written request and within a reasonable period of time, meetyoo shall be obliged to furnish the Contracting Authority with information to the extent necessary for the implementation of the check.
5. meetyoo shall have to tolerate any control measures put in place by the Data Protection Supervisory Authority and shall notify the Contracting Authority insofar as personal data of the Contracting Authority is affected by a control measure immediately after gaining knowledge of the implementation of said control measure.
§ 6 Subcontractual relationships
1. meetyoo shall ensure that the subcontractors are selected with special consideration given to the suitability of the technical and organisational measures deployed by them.
2. The Contracting Authority acknowledges the contractually agreed services or the partial services described below shall be carried out with the involvement of the following subcontractors:
a) Web Service:
Name/Company: meetyoo conferencing GmbH
Function/activity: Project Management /
Provision of virtual Events
Headquarters [City, Country]: Berlin, Germany
Certification: ISO 27001
Name/Company: Amazon Web Services EMEA SARL,
Function/activity: Provision of server capacities in Frankfurt
(Backup: Paris)
Headquarters [City, Country]: Luxemburg, Luxemburg
Certification: ISO 9001, ISO 27001, ISO 27017, ISO 27018
3. The Contracting Authority is in agreement with meetyoo engaging additional subcontractors or replacing subcontractors. meetyoo shall inform the Contracting Authority before taking recourse to replace the subcontractors. The Contracting Authority may, within a period of 10 days, reasonably object to the change vis-a-vis meetyoo where good grounds exist in writing. Should no objection be raised within the period, consent shall be deemed to have been given to the change.
4. No consent shall be required for the involvement of subcontractors, where the subcontractor will only provide an ancillary service to assist in the performance as per the main contract, even if access to the Contracting Authority data cannot be excluded as a result (transport services provided by postal or courier services and cash transportation services, etc.) meetyoo shall conclude industry-standard confidentiality agreements with such subcontractors.
5. The agreement to subcontract data processing must provide evidence of an adequate level of protection, which is comparable to that of this Contract. meetyoo shall regularly check compliance with the obligations of the subcontractor. In advance and during the term of the contract, meetyoo shall particularly ensure that the subcontractor has taken the necessary technical and organisational measures, as per Art. 32 (1) GDPR, to protect personal data.
6. The transfer of data to the subcontractor shall then be permitted if the subcontractor has fulfilled the obligation as per Art. 28 GDPR.
7. The obligation of the subcontractor must be made in writing. Upon request, this obligation shall be communicated to the Contracting Authority.
8. The Contracting Authority hereby authorises meetyoo, in representation of the Contracting Authority, to conclude a contract with a subcontractor, which shall process or use Contracting Authority data outside of the EEA, whereby the EU standard contractual clauses for the transfer of personal data to order processors in third countries shall be included. The Contracting Authority declares itself to be prepared to co-operate in the fulfilment of the conditions of Art. 49 GDPR to the necessary extent.
§ 7 Data secrecy and confidentiality
1. When processing data for the Contracting Authority, meetyoo shall be obliged to maintain data secrecy within the sense of the Art. 5 and Art. 29 GDPR or to maintain confidentiality concerning data.
2. meetyoo undertakes only to use employees in the implementation of the order who have been obliged to data secrecy or confidentiality in the sense of Art. 5 and Art. 29 GDPR and have been made familiar with the requirements of data protection in an appropriate manner.
The data secrecy obligation shall continue to apply following the end of the order.
§ 8 Technical and organisational measures
1. meetyoo is certified in accordance with ISO 27001. The current certificate can be found at the following link: https://www.certipedia.com/quality_marks/9105037096?locale=en
2. The technical and organisational measures described in Appendix 1 shall be deemed to be binding and meet the requirements in accordance with Art. 32 GDPR. The technical and organisational measures may be adapted in the course of the contractual relationship. Major changes must be agreed in writing.
3. Within the information security management, meetyoo shall ensure compliance with its obligations as per Art. 32(1) lit. d) GDPR and to implement a procedure for regular review of the effectiveness of the technical and organisational measures to ensure the security of processing.
4. meetyoo shall inform the Contracting Authority immediately of faults, breaches of statutory data protection provisions or the stipulations determined in this Agreement by meetyoo or persons employed by it, and of any suspected data protection violations or irregularities in the processing of personal data. meetyoo shall ensure that it supports the Contracting Authority in its obligations as per Art. 32 to 36 GDPR.
§ 9 Contact person:
1. In the event of any data protection issues within the context of the Contract, the following contacts are at your disposal:
meetyoo conferencing GmbH, Friedrichstr. 200, 10117 Berlin, Telephone 030 – 868 710 400, privacy [at] meetyoo.com
§ 10 Miscellaneous
1. In the event of contradictions between the provisions of this Agreement and the provisions of the Contract, the provisions of this Agreement shall take precedence.
2. Changes and additions to this Agreement must be made in writing and shall require the express indication that the present provisions are being amended and/or supplemented thereby. This shall also apply to any waiver of the written form requirement.
3. Should any provision of this Agreement be or become invalid or unenforceable, the remaining provisions of this Agreement shall remain unaffected by this. The invalid or unenforceable provision shall be replaced by a valid and enforceable provision which comes closest to the purpose of the provision to be replaced.
4. This Agreement shall be construed and enforced in accordance with the laws of the State of New York, excluding any conflict of laws principles. Jurisdiction and venue of any and all claims arising hereunder shall lie in the courts of competent jurisdiction for New York, New York
Appendix 1: Technical and organisational measures Protective measures at meetyoo