Legal

simple system GmbH & Co.KG

Bodenseestraße 29
81241 München
Deutschland

Tel:  +49 89-8208-196-0

info(at)simplesystem.com
www.simplesystem.com

Managing Directors: Andreas Moser, Markus Decker
 
VAT No.: DE214450309
Head Office: Munich, Amtsgericht München (Local Court, Munich), HRA 77206

Disclaimer

The contents of the "simple system" web pages are regularly maintained, updated and are intended for general information.
We assume no liability for the accuracy, completeness or availability of the information accessed on this website.

We accept no responsibility for external links.
Solely the operator is responsible for the content of linked pages.

Data Protection Privacy Policy

Data privacy statement - simplesystem.de and simplesystem.com

simple system GmbH & Co. KG considers the protection of personal data to be an important matter. We protect such data with the help of technical and organisational measures. The following section tells you what kind of information is stored when you visit our website.

The storage of access data while visiting our website.

In accordance with normal practice, the provider’s IP address is logged when the website is visited. This involves recording the date, the time, the pages viewed, the quantity of data transferred, the page from which you visited our website and your computer’s IP address. You can use your browser’s settings to deactivate the storage of cookies. In such a case, we cannot guarantee that you will be able to use all the functions of our websites.

Your rights.

You can, at any time, obtain information from simple system GmbH & Co. KG regarding the data related to you that has been saved by us. Furthermore, you also have the right to amend the data if it happens to be incorrect. If you so desire, your data can also be deleted or locked. You may confidently contact our data protection officer at any time in this regard.

Data that you use to register with us.

When you register with simple system GmbH & Co. KG on simplesystem.com, you acknowledge that we do, for the purpose of initiating and concluding a contract with the suppliers of simple system GmbH & Co. KG which have been listed on our website, collect, save and process personal data [such as companies, names, telephone numbers, e-mail addresses and (if applicable) fax numbers]. You also acknowledge that we then forward this data to the suppliers chosen by you.

Data that we may use to provide you with information.

In order to ensure that we will be able to guarantee that you remain well-informed in the future, you acknowledge that simple system GmbH & Co. KG -as well as our suppliers - may, at the time of registration, send you an e-mail that you can use to sign up for marketing measures or e-mails containing either general information or promotional material. After registration, if you no longer want to receive such material in the future, you can revoke this consent at any time by sending an e-mail to info(at)simplesystem.com.

Data that enables us to pursue self-improvement in your best interests.

We use certain tools in order to ensure that we can improve our services in a targeted manner. An overview of the tools that we use can be found here:

New Relic

Our website, i.e. simplesystem.com, uses the services of New Relic Inc., 188 Spear Street, Suite 1200 San Francisco, CA 94105, USA. New Relic is a web analysis tool that collects the user data of a website, in order to analyse the performance of the website and monitor it. For example, this could be done in order to improve the load times of individual parts of the website. The user data is collected in an anonymised manner. simplesystem.com does not forward users’ personal data to New Relic. New Relic uses cookies for this purpose, which are stored with the site’s users. You can prevent these cookies from being stored at any time by making the appropriate adjustment in your browser’s security settings. New Relic’s data privacy statement can be viewed here: http://newrelic.com/privacy

Our data protection officer - At your service.

Protecting your data is very important to us, as is the task of ensuring that it is stored, used and processed in accordance with the regulations. We have appointed a data protection officer so that we will be able to provide such a guarantee. If you have any questions regarding your data, you can contact the data protection officer at any time by sending an e-mail to datenschutz(at)simplesystem.de.

Agreement

Agreement on the Processing of Personal Data

Between

Customer
- hereinafter also referred to as Principal -

and

simple system GmbH & Co. KG
Bodenseestraße 29
81241 München
- hereinafter also referred to as simple system -
- Principal and simple system hereinafter also referred to as Parties –


1. Object and Duration of the Agreement
 1.1 Object and Duration

 

  1. The Principal uses the internet platform of simple system as a virtual marketplace for the procurement of goods (hereinafter „internet-platform“).  In order to use the platform it is necessary that an individual, personalized access is created for each employee of the Principal. This requires the entry of name and contact data. simple system as a service provider has theoretical access to this personal data.
  2. The duration and termination of this agreement shall be based on the agreement between the parties regarding the use of the internet platform. Termination of the User Agreement automatically terminates this Agreement. An isolated termination of this contract is excluded.

 

2. Specification of the Object of the Agreement, Responsibility

 2.1 Nature and Purpose of the Processing

  1. The Principal uses the internet-platform by accessing the servers of simple system via the internet. For this purpose, it is necessary that the Principal transfers the data specified in this agreement to the servers of simple system, stores it there, processes it further and retrieves it in the course of the use of the software.
  2. simple system will use the Principal‘s data exclusively for the provision, administration and maintenance of the internet platform. simple system has the possibility to access the customer's data and, if necessary, to create copies of them for troubleshooting and data backup purposes.
  3. The data to be processed involves the following types of personal data and categories of data subject:
    1. Employees of the Principal: first name and surname, contact data
    2. Contact persons of the Principal’s suppliers: first name and surname, contact data
  4. Data Processing is exclusively carried out in a member country of the European Union or in another signatory state to the Agreement on the European Economic Area. Notwithstanding the above, simple system is also permitted to process data of the Principal outside the EEA in compliance with the provisions of this agreement. Insofar as data is processed by simple system or its subcontractors in third countries outside the EU, simple system undertakes to comply with the requirements of Chapter V of the GDPR (Art. 44 to 50 GDPR) and to ensure an adequate level of data protection for the data recipient.

 

2.2 Responsibility

  1. The Principal responsible for compliance with the relevant regulations on data protection as regards the Processing.

 

3. Managerial Authority of the Principal

  1. The data processing described in this agreement is to be carried out exclusively within the framework of the agreements and after documented instruction by the Principal. Excepted from this are circumstances in which simple system is obliged to carry out the processing due to binding legal provisions. In such a case, simple system will inform the Principal of those legal requirements prior to processing unless the pertinent legal provision prohibits rendering of such information due to an important public interest.
  2. Principal's instructions shall be given at least in text form. If necessary, the Principal may also give instructions orally. Verbal instructions, however, require immediate confirmation in text form by the client.
  3. simple system must inform the Principal immediately if they are of the opinion that an instruction issued by the Principal infringes on valid data protection regulations. The Processor is entitled to delay the carrying out of an instruction until the instruction is confirmed or changed in writing by a person authorized by the Principal to give instruction.
  4. If an instruction of the client violates regulations for the protection of personal data and if simple system is damaged by this instruction, the client releases simple system from all claims of third parties.

 

4. Duties of simple system

4.1 Technical and Organizational Measures

  1. simple system will organize their business inside of their sphere of responsibility so that the particular demands of data protection are fulfilled.
  2. simple system will take and maintain adequate technical and organizational measures to ensure a level of data protection appropriate to the risk of Processing. A description of the technical and organizational measures taken by simple system is included in this Agreement as Annex 1.
  3. The technical and organizational measures are subject to technical progress and further development. In this respect, simple system is authorized to implement adequate alternative technical and organizational measures as long as the security level provided does not fall below that of the technical and organizational measures determined in Annex 1. Substantial changes must be documented and must be made available to the Principal immediately.

 

4.2 Additional Duties of the simple system

  1. simple system will treat all knowledge of company secrets and data security measures of the Principal which were obtained within the framework of this Agreement as confidential.
  2. simple system ensures that persons authorized for Processing are obliged to maintain confidentiality.
  3. simple systems appointed data protection officer is currently MKM Datenschutz GmbH, Äußere Sulzbacher Str. 124 a, 90491 Nuremberg. Contact person is Fabian Dechent, info@mkm-datenschutz.de; 0911 / 669577-55. 
  4. simple system will inform the Principal immediately in written form in case of infringements upon the regulations on the protection of personal data or in case of infringements of the stipulations set forth in this agreement. simple system will, in agreement with the Principal, take necessary measures to secure the data and to reduce potential negative consequences for the affected persons.
  5. The Processor will support the Principal by providing the required information in the case that the Principal is obliged by legal requirements to provide information to a data subjects.
  6. simple system will inform the Principal immediately of inspections, measures, and investigations made by a supervisory authority.
  7. simple system will inform the Principal immediately if it detects errors or irregularities which have occurred during maintenance or which make it possible for unauthorised persons to access the system.
  8. simple system will inform the Principal immediately in the case that their data becomes endangered by seizure or confiscation, by insolvency or settlement proceedings, or by other events or measures taken by third parties. simple system will immediately inform all persons responsible in this context that the Principal, as entity responsible for the Processing, has sole sovereignty over and property of the data.
  9. simple system maintains a record of their Processing activities which meets the requirements of Art. 30 Paragraph 2 and Paragraph 3 of the GDPR.
  10. simple system supports the Principal in fulfilling the duties to provide information to the respective responsible supervising authorities or to the persons affected by a personal data breach in the sense of Articles 33 and 34 of the GDPR.
  11. simple system supports the Principal in establishing a data protection impact assessment in the meaning of Article 35 of the GDPR with all of the information which the Processor has at their disposal. In the event that prior consultation of the responsible supervising authority is necessary according to Article 36 of the GDPR, the Processor will also support the Principal in doing so.
  12. If simple system has additional expenses as a result of the supporting activities mentioned in subsection 10 and 11, the Principal shall compensate these additional expenses appropriately. 

 

4.3 Correction, Limitation or Deletion

  1. simple system may not autonomously correct, delete or limit the processing of the personal data included in this Agreement, but only in accordance with a documented instruction from the Principal.
  2. If a data subject contacts simple system directly, simple system will immediately forward their request to the Principal.

 

5. Supervision Rights of the Principal

  1. The Principal is authorized to carry out the order supervision as required by law in coordination with simple system or to have it carried out by auditors who will be appointed on a case-by-case basis.
  2. During normal business hours, the Principal shall be entitled to enter the business premises of simple system and to carry out on-the-spot checks in which the Principal’s data is processed. On-site inspections shall be announced by the Principal in good time, usually at least 2 calendar weeks in advance.
  3. simple system is obliged to support the Principal with the inspections.
  4. simple system particularly grants the Principal access to the data processing facilities, data files and other documents in order to enable the Principal to inspect and review the relevant data processing facilities, data files and other documents which are related to the collection or use of the data of the Principal
  5. The control shall be carried out in such a way as to ensure that no business operations of simple system are disrupted and that the confidentiality of trade and business secrets is strictly maintained.
  6. If the Principal exercises his control rights through a third party, the Principal shall be deemed to oblige the third party in writing in the same way as the Principal is obliged to simple system. In addition, the client shall obligate the third party to maintain secrecy and confidentiality, unless the third party is subject to a professional obligation of secrecy. The Principal shall submit simple system the commitment agreements with the third party before carrying out the inspection. The Principal may not commission a competitor or competitor of simple system to carry out the inspection.

 

6. Engagement of Additional Processors (Sub-Contractual Relations)

  1. simple system is authorized to commission further sub-contractors. The sub-contractors listed in Annex 2 are designated and approved as of the creation of this contract. simple system will inform the Principal in advance of every intended order or of the replacement of a sub-contractor already commissioned. 
  2. If sub-contractors are commissioned by the simple system, the contractual agreements with the sub-contractors must be arranged in such a manner that they comply with the requirements regarding confidentiality, data security and data safety between the parties. The Principal is to be granted rights of inspection and supervision in the contracts with the sub-contractors which are in accordance with this agreement and in such a way that the Principal is also granted direct rights against the sub-contractors. simple system is obliged to provide information to the Principal upon request concerning the fundamental content of the contract and the implementation of the data protection obligations by the sub-contractor.

 

7. Reporting of Breaches

  1. simple system will inform the Principal if simple system or persons employed by simple system have infringed upon the regulations regarding the protection of personal data or the stipulations of this agreement or if there are indications that a third party might have unlawfully obtained knowledge of the Principal’s data, or if the integrity or confidentiality of the data of the Principal could be endangered in any other way.
  2. The information on the breach (data security incident) must contain information regarding the time and nature of the incident (including information regarding what data of the Principal is affected and in which way), the EDP system affected, the affected data subjects, the time of discovery, all imaginable consequences of the data security incident, as well as the subsequent measures taken by simple system.
  3. The first report to the Principal is to be provided immediately after the simple system has become aware of the data security incident. simple system will, in consultation with the Principal, take adequate measures to secure the data, as well as to reduce potential negative consequences for those affected by the incident.
  4. The Processor supports the Principal in the issuing of notifications of breaches of the protection of personal data in accordance with Article 33 of the GDPR. The Principal shall reimburse simple system for the additional costs incurred in this context.

 

8. Deletion and Return of Personal Data

  1. Copies or duplicates of the data shall only be made within the scope described in this agreement. After this agreement is terminated, or earlier on written request by the Principal simple system shall hand over to the Principal all documents, processed and used results as well as data files which are in connection with this agreement, or destroy them in accordance with data protection law after prior written consent of the client. The same applies to test and scrap material
  2. Documentation which serves as proof of the order and proper data processing shall be stored by simple system in accordance with the respective retention periods beyond the end of the contract. simple system may transfer this data to the customer for relief after termination of the agreement.

 

9. Liability

  1. If simple system incurs damage (including a fine) due to the violation of provisions governing the handling of personal data which has not arisen in its own area of responsibility and/or area of activity, the Principal shall be fully liable towards simple system. This does not apply if the Principal is not responsible for the infringement. However, an exculpation of the Principal for third parties used by him elsewhere is only possible if the claims against this third party are assigned to simple system..
  2. simple system is exclusively liable for damage resulting from processing carried out by simple system if simple system
    1. does not fulfil or does not duly fulfil a duty specially imposed by the GDPR, or
    2. acts against a legitimate instruction from the Principal.
  3. The parties shall indemnify each other from all claims based on a violation of a legal provision for the protection of personal data, a violation of obligations under this agreement or of the data protection provisions of a performance contract by the other party, its vicarious agents and any suppliers. The indemnity obligation includes in particular damages claimed by third parties, including costs and expenses incurred by the other party in connection with the breach of duty and the defence against third-party claims.
  4. Furthermore, liability is governed by the EU Data Protection Basic Regulation (GDPR).

 

10. Other Regulations

  1. Changes and/or amendments to this Agreement require a written agreement which may also be concluded in electronic format.
  2. The assignment or transfer of rights and obligations arising from this agreement by the Principal, in whole or in part, is not permitted unless the Contractor has previously given his written consent; § 354a German Commercial Code shall remain unaffected.
  3. The contractual relationship and its execution shall be exclusively subject to the laws of the Federal Republic of Germany.  The CISG or parts thereof shall not be applicable.  The venue for all disputes in connection with this agreement shall be Munich.

 

Annexes

Annex 1 –Technical and organisational measures taken by simple system

Annex 1.A – Technical and organisational measures implemented by the data centre service provider

Annex 2: List of further processors

Download Annexes