Privacy policy for the use of tick@lab according to Article 13 GDPR

Thank you for your interest in our software tick@lab.

We operate tick@lab systems in the cloud for our customers and also support customers in operating and maintaining their tick@lab on premise installations. Each customer determines individually which personal data is collected and stored by and about their end users and how this data is used in the operational process.

As a data processor, we process personal data exclusively on behalf of and on the instructions of our customers (- the data controller -) in accordance with the terms of the data processing agreement (DPA) concluded with each data controller. The personal data is processed for the purpose of providing software services, cloud hosting, and support (see 1. Purpose of Data Processing). We do not use the data for our own purposes and only act under the instructions of the data controller.

Data Processor

a-tune software AG
Julius-Reiber-Str. 15
64293 Darmstadt
Germany

info@a-tune.com
+49 6151 95131 0

1. Purpose of Data Processing

  • Provision of Software tick@lab
  • Maintenance and Operation of the cloud environment (applies only for SaaS and Cloud-Hosting)
  • Provision of support services for tick@lab as specified in the main contract and in accordance with a-tune’s support contract.

2. Legal Basis for Processing

The processing of personal data is based on the following legal grounds:

  • Art. 28 GDPR: Processing carried out on behalf of the data controller under a contract.
  • Art. 6 Abs. 1 lit. b GDPR: Processing necessary for the performance of a contract (between the data controller and the data subject, which involves using our software).
  • Art. 6 Abs. 1 lit. b GDPR: Processing based on legitimate interests (if applicable, such as providing software improvements).

3. Categories of Personal Data

As a data processor, we process the following categories of personal data as instructed by the data controller:

  • User data/Master Data (Username, First Name and Last Name)
  • Communication Data (e.g. Phone Number, E-Mail address)
  • Logfiles
  • IP-Adress (Cloud/ SaaS only)

4. Recipients of Personal Data

We process personal data exclusively for the purposes defined by the data controller. The data may be shared with the following recipients, if applicable:

  • Sub-processors: We may use third-party service providers (sub-processors) to assist in processing personal data. Any such sub-processors are subject to confidentiality obligations and provide adequate data protection measures.
  • Legal Obligations: Personal data may be disclosed if required by law or to fulfill legal obligations.

5. Data Transfers to Third Countries

Data is only transferred to third countries (countries outside the European Union (EU) or the European Economic Area (EEA)) if this is necessary for the performance of the service contract or if the data controller has expressly requested us to do so. If data is transferred to third countries, we ensure that appropriate protective measures (e.g. standard contractual clauses) are in place. We only transfer data to recipients who ensure the protection of your data in accordance with the provisions of the GDPR for transfers to third countries (Art. 44 to 49 GDPR).

6. Data Retention, Duration of Storage

As a data processor, we retain personal data for the duration specified by the data controller. Once the data is no longer required for the specified purposes, it will be deleted or anonymized in accordance with the data controller’s instructions.

7. Rights of Data Subjects

Data subjects (individuals whose data is processed) have the following rights, which should be exercised with the data controller:

  • Recht auf Auskunft (Art. 15 DSGVO): Request information about the personal data being processed.
  • Recht auf Berichtigung oder Löschung (Art. 16 + 17 DSGVO): Correction or deletion of inaccurate or irrelevant personal data.
  • Recht auf Einschränkung der Verarbeitung (Art.18 DSGVO): Request to limit the processing of personal data under certain circumstances.
  • Recht auf Datenübertragbarkeit (Art 20 DSGVO): Request the transfer of personal data to another data controller.
  • Recht auf Widerspruch gegen die Verarbeitung (Art. 21 DSGVO): Object to the processing of their personal data under certain conditions.

8. Subcontracting and Sub-Processing

As a data processor, we may engage sub-processors to assist in the processing of personal data. We will ensure that any sub-processors meet the same data protection requirements as described in our agreement with the data controller. The list of sub-processors is available upon request.

9. Security Measures

We take appropriate technical and organizational measures to ensure the security of the personal data we process. This includes protecting data from unauthorized access, disclosure, alteration, and destruction.

10. Complaints

If you believe that your personal data has been processed incorrectly, you have the right to lodge a complaint with the data controller or with a supervisory authority. The relevant supervisory authority can be found on the website of the BfDI.

11. Automated decision making

There is no automated decision-making that could have legal consequences for the user.

12. Other

This Privacy Policy will be reviewed regularly and updated as necessary, especially if there are changes in data processing. The latest version will always be available on this page.