Terms and Conditions

General Terms and Conditions of Hospitality Digital GmbH (Internet Services)

H.d Digital GmbH Metro-Strasse 1, 40235 Düsseldorf ("H.d") offers companies from the hotel and restaurant industry ("Principal") free services that are provided exclusively through the Internet and that are described in further detail below ("Services"). Some Services may only become available once the Principal has registered.

1. Scope of Application

1.1 H.d shall provide the Services and other benefits only based on the terms and conditions below ("GTC").

1.2 Any deviating terms and conditions of the Principal shall not apply, even if H.d does not specifically reject these and/or provides the Services and/or other benefits without reservation in full knowledge of the contrary and/or deviating terms and conditions of the Principal.

2. Scope of Services

2.1 The Services include the following benefits provided by H.d for the term of the agreement:

(a) H.d shall provide the Principal with Storage Space to be used on the systems of H.d, which the Principal may access via the Internet ("Storage Space"), see section 4.

(b) H.d shall grant the Principal online access to software that enables the Principal to create simple websites with pre-set layouts and to store these on the Storage Space, to manage the Storage Space, and/or to make it accessible to third parties ("Software"), see section 5.

(c) The functional scope of the software includes a so-called “claiming service”, through which H.d enables the Customer to automatically transmit published information about its local availability (i.e. in particular, details about the Customer’s local and time-specific availability (e.g. company’s address and opening hours)) to third-party providers on its website. See Clause 6.

(d) H.d shall offer to the Principal a sub-domain under the domain name "eatbu.com" of H.d in accordance with the sample xyz.eatbu.com, which the Principal may select depending upon availability and that is linked to the Storage Space ("Sub-Domain"), see section 7.

2.2 H.d may offer additional benefits to the Principal, the scope of which is to be coordinated with the Principal and which are provided subject to the provisions of these GTC.

2.3 H.d may adjust the Services and other benefits to the state of the art and technical developments or necessities, provided the respective adjustment is within reason for the Principal. H.d may discontinue the Services and other services with a reasonable notice period. H.d shall inform the Principal about the discontinuation of the Services in a timely manner.

3. Principal's Obligations

3.1 The Principal shall keep the business and contact information provided at the conclusion of the agreement current for the entire term of the agreement and shall promptly inform H.d of any changes. The Principal shall furthermore ensure that the mobile number and e-mail address provided to H.d is regularly accessed in order to obtain information that is relevant for the agreement.

3.2 The Principal shall protect all access information received by the Principal from H.d against any access from unauthorized third parties. The Principal shall inform H.d as soon as the Principal has a reasonable suspicion or knowledge of a potential misuse of the access information provided.

3.3 The Principal is aware that their website may be associated with H.d. Therefore, the Principal shall take all steps necessary to keep the services offered by Principal and the services offered by H.d or third parties separate in terms of their content.

3.4 Should the Principal find out that their use of the Services or other benefits lead to a violation of the law, the Principal shall be required to immediately cease and desist from violating the law and delete any illegal content.

4. Special Storage Space Provisions

4.1 The Storage Space is provided to the Principal free of charge. Consequently, H.d cannot guarantee a particular availability of the Storage Space. Furthermore, the Storage Space shall be unavailable during necessary maintenance work. H.d shall strive to keep any impairment caused by maintenance work as low as possible. H.d shall provide the Principal with the other performance specifications of the Storage Space prior to the conclusion of the agreement.

4.2 The Principal undertakes and warrants that all files, including HTML and other documents, texts, pictures, graphics, fonts, videos, etc., ("Content") shall be stored, published, and/or made available on the Storage Space and/or with the help of the Software in accordance with applicable law. The Principal shall specifically only store Content on the Storage Space and/or with the help of the Software for which the Principal holds the required rights, including use and exploitation rights under copyright law, and that such Content does not infringe any personal rights of third parties. Furthermore, the Principal shall not store, publish, and/or make available on the Storage Space and/or with the help of the Software any Content that is of an immoral, in particular pornographic, racist, or discriminatory nature. H.d shall be entitled to delete any Content that is stored on the Storage Space and/or with the help of the Software in violation of this section 4 and of which H.d is informed by government agencies, courts, the holder of rights, or other third parties or of which it gains knowledge in another way.

4.3 The Principal shall grant H.d the necessary rights to all Content that the Principal stores, publishes, and/or makes publicly available on the Storage Space and/or with the help of the Software, in particular the rights required to store the Content, to make technical adjustments to it, to make it publicly available, and to copy it. H.d may only have access to the Principal's Content on the Storage Space to the extent this is technically necessary to provide and/or publish the Content and to the extent this corresponds to the contractually granted authorizations.

4.4 Furthermore, the Principal may not run or arrange to run any automated processes, scripts, software or other data and/or Content on the Storage Space and/or or take any steps or have any steps taken (with the help of the Software), which would more than even insignificantly impair systems, networks, and/or other hardware and software such as network components of H.d and/or third parties. In the event that H.d learns of such impairment, H.d shall be entitled to stop such impairment and/or prevent it.

4.5 The Principal shall perform data backups on a daily basis in order to be able to recover the Content of the Storage Space without any additional cost.

4.6 The Principal may only make websites publicly available on the Storage Space that were created with the help of the Software.

5. Special Software Provisions

5.1 The Principal shall be granted access to the Software exclusively for the creation of a website for the Principal and for the administration of their Storage Space. H.d shall grant access at the handover point to the public network.

5.2 The Principal may not access or use the Software on behalf of a third party or for other purposes. The Principal shall specifically not be authorized to copy the Software, to make it available to third parties, to disassemble the Software, or to modify it in any other way.

6. Special provisions of the claiming service

6.1 H.d enables the Customer to publish information about its local availability (e.g. address and opening hours) on the website created by the Customer using the software, and at the same time transmit this data to third-party providers for publication on online platforms operated by them.

6.2 H.d is obligated to provide the claiming service to the Customer until further notice; this applies in any case with respect to the automatic transmission of contents to Google My Business, entered by the Customer for this purpose using the software.

6.3 The transmission of this data to further third-party providers represents an optional service provided by H.d as part of the claiming service, which the Customer may or may not wish to avail of. If the Customer wishes to avail of this service, it hereby simultaneously consents to the transmission of this data to the third-party providers selected by it.

6.4 H.d may terminate the “claiming service” at any time at its own discretion (e.g. if third-party providers no longer offer certain services). When making such a decision, H.d shall take due consideration of the Customer’s legitimate interests.

7. Special Sub-Domain Provisions

7.1 When registering the Sub-Domain with H.d, the Principal must comply with the requirements of the Internet Corporation for Assigned Names and Numbers ("ICANN"), which is the entity that assigns .com domains. The Principal may register a maximum of three Sub-Domains with H.d.

7.2 The Principal undertakes and warrants that the Sub-Domain shall be selected only in accordance with applicable law and that, in particular, the Principal shall only select names for the Sub-Domain for which the Principal owns the respective rights including trademark and/or name rights. The Principal shall furthermore not register any domain names for the Sub-Domain that are contrary to public policy or immoral. H.d shall be entitled to delete any Sub-Domains that were chosen in violation of this section 7.2 and of which H.d is informed by government agencies, courts, the holder of rights, or other third parties or of which it gains knowledge in another way.

8. Special Provisions for Additional Services

8.1 Notwithstanding section 2.1(c), the Principal may register their own domain name and/or use an already registered domain name and link it to the Storage Space. H.d shall refer the Principal to an external service provider for the registration. The agreement for the registration of such an own domain name is concluded between the Principal and external service providers. H.d shall be neither a contracting nor any other party to that agreement.

8.2 H.d shall provide the Principal with technical support for linking of their own domain name with the Storage Space.

9. Conclusion of the Agreement, Duration, Termination

9.1 The agreement shall be deemed as concluded when the Principal accepts the offer for the conclusion of an agreement governing the Services and other benefits by H.d. Acceptance generally takes place by H.d commencing with the provision of the Services.

9.2 This agreement shall be concluded for an indefinite period and may be terminated by the Principal at any time and by H.d with a notice period of two (2) weeks.

9.3 H.d shall communicate terminations either in writing or by email. The Principal generally terminates by selecting in the Software the respective option to delete its content and then confirming it.

9.4 This shall not affect the Parties' rights to terminate the agreement without notice for good cause. Good cause is given in particular if the Principal does not meet one of the obligations set forth in sections 3, 4, 5, 7, 10.2, and 10.3.

8.5 Upon having terminated the agreement, regardless of the grounds, H.d shall delete all data stored by the Principal on the Storage Space within the context of the contractual relationship as well as the Sub-Domain within thirty (30) days, unless the Principal performs the deletion themselves with the help of the Software.

10. Warranty and Liability, Indemnification

10.1 With regard to the Services and benefits that H.d provides to the Principal free of charge, H.d shall reimburse the Principal only for damages incurred by the Principal due to fraudulently concealed defects. H.d shall not bear any further liability for defects of title and/or material defects for Services and benefits provided free of charge.

10.2 H.d, their vicarious agents, or their legal representatives shall be liable for the Services and benefits provided by H.d to the Principal free of charge only in cases of intent, gross negligence, or a culpable loss of life, bodily injury, or damage to health, as well as, for fraudulently concealed defects. In the event of lost data, the liability of H.d shall, however, only be limited to the recovery costs that would have been incurred if the data had been backed up on a daily basis. Liability pursuant to the German Product Liability Act and the Minimum Wage Act shall remain unaffected.

11.3 Only the Principal shall be responsible for the Content and the name of the Sub-Domain. Therefore, the Principal shall upon first request indemnify and hold H.d, their vicarious agents and legal representatives, and all companies affiliated with H.d pursuant to Sec. 15 of the German Stock Corporation Act (AktG) harmless of any third-party claims asserted against H.d, their vicarious agents, legal representatives and/or companies affiliated with H.d due to or in connection with the Services and other benefits. This shall specifically apply for all trademark, copyright, data protection, and competition violations. This indemnification shall comprise the necessary legal costs including costs for arbitration proceedings as well.

11. Data Protection, Confidentiality

11.1 H.d is responsible for the processing of the personal data collected by the Principal. H.d processes the personal data exclusively for the execution of this agreement, for example to establish contact and to provide the services. Without the provision of this personal data, the execution of the agreement is not possible. This processing of personal data is based on Article 6 Para. 1 Clause 1 (b) of the General Data Protection Regulation (GDPR). The personal data of the Principal will be deleted after termination of the agreement, unless there are legal obligations that require the personal data to be stored for a longer period. In this case, the personal data cannot be used for other purposes and then is deleted as soon as the statutory retention period has expired. For the purposes of agreement implementation, H.d uses the support of service providers, for example in the field of hosting, for maintenance and other services. These service providers may be external companies as well as companies affiliated with H.d in accordance with Section 15 et seqq. of the German Stock Corporation Act (AktG) through contractual agreements with the service providers, H.d ensures that this personal data is processed in accordance with the requirements of the GDPR. This also applies if the personal data should be processed outside the EU/EEA. To exercise the rights of the Principal in accordance with the GDPR

· Information about the processing of his personal data as well as a copy of these data (Art. 15 GDPR),

· Correction of incorrect data and completion of incomplete personal data (Art. 16 GDPR),

· Deletion of his personal data and, if made public, that H.d informs other persons responsible about the deletion request (Art. 17 GDPR),

· Limitation of the processing of his personal data (Art. 18 GDPR),

· Data portability, so that his personal data are given to him in a structured, common and machine-readable format, and the right to transfer this data to another responsible person without hindrance by H.d (Article 20 GDPR), and

· to appeal against data processing (Art. 21 GDPR)

the Principle can contact the data protection officer of H.d (privacy@hd.digital) at any time. The client also has the right to complain to the competent supervisory authority, as far as the client considers the data processing as incompatible with the GDPR (Art. 77 GDPR).

11.2 In respect of third parties, the Principal shall be exclusively responsible for compliance with the respective data protection provisions, which includes compliance with existing obligations to furnish information in connection with the website that the Principal created with the Software.

11.3 The Parties shall not make any confidential information accessible to third parties for the duration of the agreement and two years thereafter and shall not use it for any purposes that do not serve the agreement. All information pertaining to technical information and know-how provided to the Principal as well as information that is identified by one of the Parties as confidential and that is of economic value shall be considered as confidential.

11.4 The duty to confidentiality shall not extend to information that became known to the other party without one of the Parties breaching confidentiality or that became or already is public knowledge or that must be made available to third parties due to statutory provisions, a court order, or an administrative order, or that is reviewed by a third party, who has been sworn to secrecy, intending to purchase one of the companies.

12. Remuneration

12.1 The Principal shall not owe any remuneration for the provision of the Services by H.d. The Services shall be provided free of charge.

12.2 Any third party services provided within the context of expanded services shall not be affected by section 12.1.

13. Miscellaneous Provisions

13.1 H.d may have a part of or the entire performance they owe within the provisions of this agreement, in particular the Services, rendered by subcontractors.

13 .2 H.d may amend these GTC upon prior notification of the Principal, including intended amendments. H.d may only amend these GTC to the extent that this is reasonable for the Principal, such amendment does not apply to one of the main contractual obligations or to the extent that the Principal is not put in an overall inferior situation by the amendment. The already intended transferal of rights and obligations of H.d described herein to their subsidiary Hospitality.systems GmbH shall be deemed as reasonable. The Principal may challenge an amendment of the GTC within six (6) weeks from receipt of the notification or terminate the agreement without notice. Should the Principal not challenge the amendment of the GTC or not within the notice period, their consent to the amendment of the GTC shall be assumed. H.d shall inform the Principal of the consequences of a failure to challenge and the right to terminate the agreement without notice in all notifications applicable to an amendment of the GTC.

13.3 Should a provision of this agreement be or become, either in full or in part, invalid, ineffective, impracticable, or unenforceable ("Erroneous Provision"), the effectiveness and enforceability of the other provisions of this agreement shall not be affected. Instead, the Parties already now undertake to agree in place of the Erroneous Provision to such a provision, which, to the extent permitted by law, comes closest to what the Parties had wanted in accordance with the sense and purpose of the agreement, if they had recognized the error of the provision. If the provision is erroneous due to the extent of the service or the time, (deadline or due date) determined therein, the provision should be agreed with an extent permitted by law that comes closest to the original extent. The same shall apply to any loopholes in this agreement. It is the expressed intention of the Parties that this severability clause does not result in a mere reversal of the burden of proof, but that Sec. 139 of the German Civil Code (BGB) as a whole shall not apply.

13.4 This agreement and all claims and rights based on or in connection with this agreement shall exclusively be governed by German law and shall be interpreted and enforced under German law. The conflict of laws provisions shall not apply. The United Nations Convention on Contracts for the International Sale of Goods (CISG) shall not apply.

12.5 This agreement has been concluded both in English and in [French / Italian] language. For the avoidance of doubt, the Parties agree that the English version shall prevail.

12.6 The exclusive place of jurisdiction for all disputes arising from or in connection with this agreement, its conclusion, or its execution shall be Düsseldorf - to the extent this is permitted under the law.

Stand: April 2019/ AG

Order Processing

By confirming the above General Terms and Conditions, the Principal ("Person Responsible") and H.d ("Processor"), collectively referred to as "Parties", individually as "Party", also enter into the following Data Processing Agreement ("DPA").


In the context of its business activities and in accordance with the above General Terms and Conditions, the Processor receives personal data for which the Person Responsible is accountable. The Parties agree on the provisions of this DPA ,in order to comply with the data protection obligations of the parties in accordance with European data protection law, in particular the General Data Protection Regulation (Article 28 GDPR).

1. Definitions

1.1 Personal Data means any information relating to an identified or identifiable natural person ("Person Concerned"). A natural person is considered to be identifiable when they can be directly or indirectly identified in particular by association with an identifier, such as a name, an identification number, location data, an online identifier or one or more special features that express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person (hereinafter "Data").

1.2 Data processing on behalf of someone is the collection, processing, or use of data by the Processor on behalf of the Person Responsible.

2. Subject and content of the order

2.1 Subject and duration of the order

The details and the duration of the order result from the above General Terms and Conditions.

2.2 Type of data

The type of data is described in more detail in the General Terms and Conditions and in the Privacy Policy.

2.3 Purpose of the collection, processing, or use of the data

The purpose of the collection, processing, or use of data is described in more detail in the General Terms and Conditions and Privacy Policy.

2.4 Nature and extent of the collection, processing, or use of the data

The nature and extent of the collection, processing, or use of the data is described in more detail in the General Terms and Conditions and Privacy Policy.

2.5 Category of Persons Concerned

(a) Own data of the Principal

(b) Clients

2.6 Technical and organizational measures

(a) The technical and organizational measures to be implemented by the processor shall be set out in the Annex (see below) to this DPA. The Processor will regularly adapt these measures to the prior art at his own expense, provided that the agreed level of protection is not lowered and the Persons Responsible are immediately informed.

(b) The Processor is required to allow the Person Responsible to verify on-site compliance with the technical and organizational measures before commencing the processing activities under this contract. The audit right of the Person Responsible according to Number 2.10 remains unaffected.

(c) The processor shall ensure that the data processing systems used in the framework of the DPA comply with the standards of "privacy by design" and "privacy by default" in accordance with the prior art.

2.7 Correction, deletion and blocking of data, right to data portability, and right to object

(a) The rights of the persons involved in the processing of data by the processor, in particular rectification, erasure and blocking, data portability, and opposition shall be asserted against the controller. He alone is responsible for the protection of these rights.

(b) In the course of his work for the Person Responsible, the Processor is obliged to forward any request addressed to him by affected persons to the person responsible for proper processing without delay. If the Person Responsible and the Processor jointly act as external persons responsible, the Processor is entitled to answer this request independently.

(c) The Processor is also required to assist the Person Responsible with appropriate technical and organizational measures to comply with his obligation to reply to the persons concerned.

(d) In accordance with the instructions of the Person Responsible, the Processor shall rectify, suspend and/or erase data immediately, but no later than within five (5) days, and inform the Processor by that deadline.

2.8 Duties of the Processor

(a) The Processor may collect, process, and use data only in the context of the order and the documented instructions of the Person Responsible.

(b) The Processor has to comply with the technical and organizational measures, as defined in Clause 2.6 of this DPA at regular intervals and submit it on request.

(c) The Data Protection Officer is named as contact person for data protection at the Processor. This can be reached at privacy@hd.digital. If necessary, the Processor also appoints a representative in accordance with the requirements of Art. 27 GDPR.

(d) The Processor is responsible for maintaining confidentiality.. Any person at the Processor authorized to access the data of the Person Responsible shall be required to be bound by a duty of confidentiality or subject to reasonable professional secrecy and must be informed of the special data protection obligations arising from this DPA, as well as, the existing instructions and purpose. The Processor will document these obligations in writing and provide them at the request of the Person Responsible.

2.9 Justification of subcontracting conditions

(a) The justification for subcontracting relationships is permitted. The Processor shall inform the Person Responsible about the corresponding change in advance. The Person Responsible has a right to object.

(b) In the case of a commissioning from other processors, the Processor shall contractually ensure that the obligations of the Processor assigned under this DPA also apply in accordance with the other Processor.

(c) The Processor shall control the technical and organizational measures taken by the other processors on an ad hoc and regular basis during the subcontracting period to protect the data he has provided. The transfer of data is only permitted if the other Processor has implemented the necessary technical and organizational measures at least in accordance with the specifications of this DPA.

(d) The Processor shall be fully liable for the subcontractors he employs.

2.10 Audit rights of the Person Responsible

The Person Responsible is authorized to verify compliance with applicable data protection regulations and the DPA during normal business hours. The Processor agrees to provide the Person Responsible with all information reasonably necessary to carry out the inspection within a reasonable period of time. Where the Person Responsible considers that an on-site audit is required of the Processor, the Processor shall ensure that the person responsible for carrying out the audit has access to the Processor's office and an on-site inspection of the stored data and the data processing programs. The Person Responsible is entitled to have the test carried out by a third party (examiner) to be named in individual cases. The Person Responsible must announce the execution of such an audit in writing at least twenty (20) working days in advance. The cost of carrying out the audit and the costs incurred by the Processor at normal market rates are borne by the Person Responsible.

2.11 Notifications of Violations by the Processor

(a) The Processor shall notify the Person Responsible without delay, and at the latest within forty-eight (48) hours of such discovery, of all cases in which the Processor or persons or subcontractors employed by him/her have infringed the rules governing the protection of the data of the Person Responsible or the conditions set out in this DPA.

(b) The Person Responsible shall be notified of any incidents of loss or unlawful transmission or receipt by third parties, regardless of the cause. The Processor shall, in consultation with the Person Responsible, take appropriate measures to safeguard the data and to mitigate the possible adverse consequences for the persons concerned. To the extent that the persons responsible meet the notification obligations, the Processor shall assist the Person Responsible in fulfilling these obligations.

2.12 Instructions by the Person Responsible

(a) The processing of data of the Person Responsible by the Processor shall be carried out solely in the context of the DPA and the specific instructions reported by the Processor.

(b) The Processor shall, without delay, comply with (individual) instructions concerning the nature, extent and method of processing, or, if applicable, within the time limit set by the Person Responsible.

(c) The Processor shall notify the Person Responsible without delay if, in the opinion of the Processor, instructions issued by the Person Responsible violate data protection regulations. The Processor shall be entitled to suspend the execution of the relevant instruction until it has been confirmed or changed by a Person Responsible.

2.13 Deletion after completion of the order

After completion of the contractual work, the Processor must hand over all data that he has processed for the Person Responsible or, with the prior consent of the Person Responsible, destroy it according to data protection or delete it in accordance with the prior art. A right of retention is excluded with regard to the documents, data, processing, and usage results and the associated data carriers, unless the law of the European Union or of an EU member state requires the data to be stored.

3. Further obligations of the Processor

3.1 The Processor uses the data provided for data processing for no other purpose. Copies or duplicates without knowledge and without the prior written consent of the Person Responsible may not be created, unless this is due to the services ordered in the DPA. The Processor shall ensure that the data processed by him for the Person Responsible is separated from other data. A transmission of data of the Person Responsible by the Processor to third parties does not take place without the written consent of the Person Responsible.

3.2 The Processor shall provide reasonable assistance to those responsible in defending against claims based on a purported or actual breach of data protection requirements. The Person Responsible will, for his part, investigate the complaints of data subjects in the context of the data protection responsibility of the Person Responsible in an appropriate manner and process complaints from data subjects.

3.3 The Processor acknowledges that information is given to affected persons on the basis of a right to information exclusively via the Person Responsible or a person authorized by the Person Responsible. The Processor is obliged to provide the Person Responsible with the required information in good time and to support the Person Responsible. If the Processor himself also acts as the external Person Responsible, these inquiries can also be answered accordingly and the Person Responsible informed accordingly.

3.4 The Processor shall assist the controller in the preparation of necessary procedure indexes, where applicable.

3.5 The Processor shall assist the Person Responsible in carrying out data protection impact assessments when a type of processing is likely to result in a high risk to the rights and freedoms of natural persons.

3.6 The Processor agrees to inform the Person Responsible without delay of the results of inspections by the data protection supervisory authorities, insofar as these are related to this DPA. The Processor will inform those responsible about any complaints by the data protection supervisory authorities that relate to the area of ​​responsibility of the Processor and will remedy any identified complaints as required by law.

4. Liability

4.1 The Person Responsible is responsible for the permissibility of the data processing, as well as, for the protection of the rights of the data subjects.

4.2 By derogation from section 4.1, the Processor is responsible for claims of data subjects due to violations of the applicable legal provisions or the provisions of the DPA.

4.3 In relation to the Person Responsible, the Processor is only liable for intent and gross negligence within the scope of the legally permissible exclusion of liability and limitations.

5. Final provisions

5.1 The Controller shall inform the Processor immediately and in full if he finds errors or irregularities in the processing of the data by the Processor during the audit.

5.2 This DPA may be modified and terminated under the same terms and conditions as the above General Terms and Conditions.

5.3 The invalidity of one or more provisions of this DPA does not affect the effectiveness of the DPA. In the case of the ineffectiveness of one or more provisions of this DPA, the Parties shall take a legally effective substitute provision as economically as possible in the case of the ineffective provision. The same applies in case of a loophole.

5.4 The DPA is subject to the same right as the above General Terms and Conditions.

5.5 In case of contradictions between the DPA and other agreements between the parties, the provisions of this DPA prevail.

Status: 2018/ AG

Technical and organizational measures

Taking into account the prior art, the implementation costs and the nature, scope, circumstances, and purposes of the processing and the different likelihood and severity of the risk to the rights and freedoms of natural persons, the Processor shall implement appropriate technical and organizational measures to ensure a level of protection commensurate with the risk; These measures include, inter alia, the following:

• the pseudonymisation and encryption of the data;

• the ability to permanently ensure the confidentiality, integrity, availability, and resilience of processing systems and services;

• the ability to rapidly restore data availability and accessibility in the event of a physical or technical incident;

• a process for the periodic review, assessment, and evaluation of the effectiveness of the technical and organizational measures to ensure the security of the processing.

Without prejudice to the foregoing, the following specific measures will be taken:

1. Access control

Measures to prevent unauthorized persons from gaining access to the data processing system used to process the data:

• Specification of the authorized group of persons and corresponding documentation;

• Electronic access control;

• Issuance of access IDs;

• Introduction of guidelines for external individuals;

• Alarm or security outside working hours;

• Distribution of properties into different security zones;

• Introduction of guidelines for handling keys (cards);

• Security doors (electronic door opener, ID reader, CCTV);

• Introduction of measures for on-site security (e.g. intrusion detection/notification).

2. Access control

Measures to prevent unauthorized persons from using the data processing system and procedures:

• Definition of the group of people who have access to data processing systems;

• Introduction of guidelines for external individuals;

• Password protection for personal computers.

3. Access control

Measures to ensure that persons authorized to use the data-processing techniques can only access the data subject to their authorization:

• Introduction of limited access rights based on the respective data and functions;

• Obligation to identify to data processing equipment (e.g. through ID and authentication);

• Introduction of policies about access and user roles;

• Evaluation of protocols in case of a harmful event.

4. Transfer control

Measures to ensure that the data cannot be read, copied, altered or removed during electronic transmission or during its transport or storage on data carriers, and that it is possible to check and determine at which points a transmission of the data by means of data transmission is provided.

• Encryption

5. Entry control

Measures to ensure that it is possible to subsequently verify and determine whether and by whom the data has been entered, altered, or removed from IT systems.

• Recording of data entries.

6. Order control

Measures to ensure that data processed on order can only be processed in accordance with the instructions of the Person Responsible.

• Documentation of the different competences and obligations between the Person Responsible and the Processor;

• Formal commissioning;

• Control of the work results.

7. Availability control

Measures to ensure that the data is protected against accidental destruction or loss.

• Implement a plan for regular backups;

• Secure storage of data backups in fire and water-resistant safety cabinets;

• Introduction and regular control of an emergency power system and a surge protection system;

• Introduction of an emergency plan;

• Protocol on the introduction of crisis and/or emergency management.

8. Separation control

Measures to ensure that data collected for different purposes can be processed separately.

• Separation of the data of the Processor’s respective clients.

Status: May 2018/ AG