Privacy Policy

Privacy Policy

Last updated: December 17, 2018

b2bApps GmbH  (“us”, “we”, or “our”) operates the https://www.sales-tool.net website and the SalesTool mobile application (the “Service”).

This page informs you (“user”) of our policies regarding the collection, use and disclosure of Personal Information when you use our Service, if this is consistent with the current data protection law.

We will not use or share your information with anyone except as described in this Privacy Policy.

We use your Personal Information for providing and improving the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.

If you do not agree to this privacy policy, they are not authorized to use our services.

1. Collection and use of Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to  identify you. Personally identifiable information may include, but is not limited to, your email address, name, phone number, postal address and other information (“Personal Information”), who identify them as a person or make them identifiable.

SalesTool collects a variety of information that processed for the above purposes. We process your information when necessary to provide you with the Services that you have requested when accepting our Terms of Service, or where we have obtained your prior consent, or where we have a legitimate interest to do so. For example, we may have a legitimate interest to process your information for security, testing, maintenance, and enhancement purposes of the Services we provide to you, or for analytics, research, and reporting purposes. Without your information, we cannot provide you with the Services you have requested or you may be limited in your use of the Services.

1.1 Information, you Provide to us

SalesTool collects information from you through:

  • The SalesTool Services that you use
  • Requests or questions you submit to us via forms or email (e.g., support forms, sales forms, user research participation forms)
  • Your communications and dealings with us
  • Uploads or posts to the Services
  • Requests for customer support and technical assistance
  • Your participation in SalesTool sweepstakes, contests, or research studies

Information from and about you

The types of data we collect directly from you may include:

  • Any email requests or questions you submit to us
  • User-generated content you post in public online SalesTool forums

Content

In using the Services, you may upload or input various types of content, including but not limited to: tasks, attachments, project names, team names, and conversations (together, the “Content”). If you are using the Services in connection with an account created by an SalesTool Customer (e.g., employer, organization, or an individual), we collect and process the Content you submit on behalf of the Customer. As described more throughout this Policy, our Customers, and not SalesTool, determine their own policies regarding storage, access, modification, deletion, sharing, and retention of Content which may apply to your use of the Services. For example, a Customer may provide or remove access to the Services, enable or disable third party integrations, manage permissions, retention and export settings, transfer or assign teams, or share projects. Please check with the Customer about the policies and settings that they have instituted with respect the Content that you provide when using the Services.

Payment Information

If you are a user of our paid service, we will utilize a third party company to collect payment information, including your credit card number, billing address and phone number. The third party service provider, stores your payment information on our behalf. Additionally this information can also be stored by SalesTool.

Information about others

If you choose to use our invitation service to invite a friend to the Services, we will ask you for that person’s contact information, which may include their email address or their social network identity, and automatically send an invitation. SalesTool stores the information you provide to send the invitation, to register your friend if your invitation is accepted, and to track the success of our invitation service.

1.2 Information, we automatically collect

Log files and device Identifiers

We may also collect information that your browser sends whenever you visit our Service or when you access the Service by or through a mobile device (“Log Data”).

This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages and other statistics.

When you access the Service by or through a mobile device, this Log Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use and other statistics.

In addition, we may use third party services such as Google Analytics that collect, monitor and analyze this type of information in order to increase our Service’s functionality. These third party service providers have their own privacy policies addressing how they use such information.

Location information

We may use and store information about your location, if you give us permission to do so. We use this information to provide features of our Service, to improve and customize our Service. You can enable or disable location services when you use our Service at anytime, through your mobile device settings.

Cookies

Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive.

We use “cookies” to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

1.3 Service Providers

We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.

These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

1.4 Information, we collect from Third-Party Integrations

If you choose to use third-party integrations (e.g., OneDrive, Unito, Wufoo, Slack) through the Services or are required to do so by a Customer, such providers may allow us and our service providers to have access to and store additional information about your interaction with those services and platforms as it related to use of the Services. If you do not wish to have this information shared, do not initiate these connections.

1.5 Collection of Information Across Devices

Sometimes, we may use the information we collect — for instance, usernames, IP addresses and unique mobile device identifiers — to locate or try to locate the same unique users across multiple browsers or devices (such as smartphones or tablets), or work with service providers that do this, in order to save your preferences across devices and analyze usage of the Services. If you wish to opt out of our ability to track you across devices, you may install the Google Analytics Opt-out Browser Add-on by clicking here.

1.6 Cookies and similar Technologies

Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive.

To collect the information in the “Information We Automatically Collect” section above, we and our service providers use Internet server logs, cookies, tags, SDKs, tracking pixels, and other similar tracking technologies. A web server log is a file where website activity is stored. An SDK is a section of code that we embed in our applications and software to allow third parties to collect information about how users interact with the Services. A cookie is a small text file that is placed on your computer or mobile device when you visit a site, that enables us to: (i) recognize your computer and login session; (ii) store your preferences and settings; (iii) understand which web pages of the Services you have visited; (iv), enhance your user experience by delivering and measuring the effectiveness of content and advertising tailored to your interests; (v) perform analytics; and (vi) assist with security and administrative functions. Tracking pixels (sometimes referred to as web beacons or clear GIFs) are tiny electronic tags with a unique identifier embedded in websites, online ads and/or email, and that are designed to provide usage information like ad impressions or clicks, email open rates, measure popularity of the Services and associated advertising, and to access user cookies. As we adopt additional technologies, we may also gather information through other methods.

We use “cookies” to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Please note that you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser for more information (e.g., Internet Explorer; Google Chrome; Mozilla Firefox; or Apple Safari).

1.7 How we use your Information

We use your information (including any information that we collect, as described in this Privacy Policy) for various purposes depending on the types of information we have collected from and about you and the specific SalesTool Services you use, including to:

  • Complete a purchase or provide the services you have requested
  • Respond to your request for information and provide you with more effective and efficient customer service
  • Provide you with product updates and information about products you have purchased from us
  • Provide you with service notifications via email and within the Services based on your notification selections
  • Contact you by email, postal mail, or phone regarding SalesTool and third-party products, services, surveys, research studies, promotions, special events and other subjects that we think may be of interest to you
  • Customize the advertising and content you see
  • Help us better understand your interests and needs, and improve the Services
  • Synthesize and derive insights from your use of different SalesTool products and services
  • Engage in analysis, research, and reports regarding use of our Services
  • Provide, manage, and improve the Services
  • Protect our Services and our users
  • Understand and resolve app crashes and other issues being reported

Content

You can exercise certain control how your Content is used by/shared with others via your settings on the Services. SalesTool may view and share your Content only as necessary

  • to maintain, provide and improve the Service
  • prevent or address technical or security issues and resolve support requests
  • if we have a good faith belief, or have received a complaint alleging, that such Content is in violation of our Acceptable Use Guidelines;
  • as reasonably necessary to allow SalesTool to comply with or avoid the violation of applicable law or regulation;
  • to comply with a valid legal subpoena, request, or other lawful process that meets the requirements of our Law Enforcement Guidelines;
  • as set forth in our Subscription Agreement with the Customer or as expressly permitted in writing by the Customer.

We may also analyze your User Content in aggregate and on an anonymized basis, in order to better understand the manner in which our Service is being used.

Combined Information

You consent that, for the purposes discussed in this Policy, we may combine the information that we collect through the Services with information that we receive from other sources, both online and offline, and use such combined information in accordance with this Policy.

Aggregate/De-Identified Data

We may aggregate and/or de-identify information collected through the Services so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties, including advertisers, promotional partners, sponsors, event promoters, and/or others. By using the Services, you consent to such use.

1.8 Online Analytics and Advertising

Analytics

We use third-party web analytics services (e.g., Google Analytics) on our Services to collect and analyze the information discussed above, and to engage in auditing, research and reporting. The information (including your IP address) collected by various analytics technologies described in the “Cookies and Similar Technologies” section will be disclosed to or collected directly by these service providers, who use the information to evaluate your use of the Services, including by noting the third-party website from which you arrive, analyzing usage trends across SalesTool products and mobile devices, assisting with fraud prevention, and providing certain features to you. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on by clicking here.

If you receive email from us, we may use certain analytics tools, such as clear GIFs to capture data such as when you open our message or click on any links or banners our email contains. This data allows us to gauge the effectiveness of our communications and marketing campaigns.

Online Advertising

Third parties or affiliates may administer SalesTool banner advertising programs and other online marketing on non-SalesTool websites and services. To do so, these parties may set and access first-party cookies delivered from an SalesTool domain, or they may use third-party cookies or other tracking mechanisms. For example, a third-party provider may use the fact that you visited the SalesTool website to target online ads for SalesTool services to you on non-SalesTool websites. Or a third-party ad network might collect information on the Services and other websites to develop a profile of your interests and target advertisements to you based on your online behavior. These parties that use these technologies may offer you a way to opt out of ad targeting as described below. You may receive tailored advertising on your computer through a web browser.

If you are interested in more information about tailored browser advertising and how you can generally control cookies from being put on your computer to deliver tailored advertising, you may visit the Network Advertising Initiative’s Consumer Opt-Out link or the Digital Advertising Alliance’s Consumer Opt-Out link to opt-out of receiving tailored advertising from companies that participate in those programs. To opt out of Google Analytics for display advertising or customize Google display network ads, you can visit the Google Ads Settings page. Please note that we do not control any of the above opt-out links or whether any particular company chooses to participate in these opt-out programs. We are not responsible for any choices you make using these mechanisms or the continued availability or accuracy of these mechanisms.

Notice Concerning Do Not Track

There is no uniform or consistent standard or definition for responding to, processing, or communicating Do Not Track signals. At this time the Services do not function differently based on a user’s Do Not Track signal. For more information on Do Not Track signals, see All About Do Not Track.

1.9 How we share your Information

SalesTool and/or b2bApps GmbH will share your information in the following ways:

  • Affiliates and Subsidiaries. We may share all information we collect within the b2bApps GmbH family of companies.
  • Service Providers. We may provide access to or share your information with select third parties who perform services on our behalf. These third parties provide a variety of services to us, including without limitation billing, sales, marketing, provision of content and features, advertising, analytics, research, customer service, shipping and fulfillment, data storage, security, fraud prevention, payment processing, and legal services.
  • Third-Party Integrations. When you initiate a connection with a third-party integration through the Services (e.g., OneDrive, Unito, Wufoo, Slack), we will share information about you that is required to enable your use of the third-party integration through the Services.
  • Business Transfers. If the ownership of all or substantially all of our business changes, we may transfer your information to the new owner so that the Services can continue to operate. In such case, your information would remain subject to the promises and commitments contained in this Privacy Policy until such time as this Privacy Policy is updated or amended by the acquiring party upon notice to you. If such transfer is subject to additional mandatory restrictions under applicable laws, SalesTool will comply with such restrictions.
  • Public Forums. The Services make it possible for you to upload and share comments or feedback publicly (i.e., outside of the SalesTool mobile and web app) with other users, such as on the SalesTool blog. Any information that you submit through such public features is not confidential, and SalesTool may use it for any purpose (including in testimonials or other SalesTool marketing materials). Any information you post openly in these ways will be available to the public at large and potentially accessible through third-party search engines. Such information can be read, collected and/or used by other users, and it could be used to send you unsolicited messages. Accordingly, please take care when using these features of the Services.
  • Aggregate/De-Identified Information. From time to time, SalesTool may share Aggregate/De-Identified Information about use of the Services, such as by publishing a report on usage trends. As stated above, this Policy places no limitations on our use or sharing of Aggregate/De-Identified Information.
  • Consent. We may also disclose your information to third parties with your consent to do so. For example, we will display your Profile Information on your profile page and elsewhere on the Services in accordance with the preferences you set in your account. You can review and revise your Profile information at any time.

1.10 Customer Obligations

End User Conduct; Compliance

Customer is responsible for use of the Service by its End Users and for their compliance with SalesTool’s User Terms of Service. Customer is also responsible for providing any notice and obtaining any consents and authorizations necessary.

Customer will promptly notify SalesTool if it becomes aware of any unauthorized access to Customer’s account or the Service. Only persons who fulfill the requirements of the legally compliant conclusion of a legal transaction are entitled to register with b2bApps GmbH and with SalesTool. In the event that you act as a legal entity, before registering, you confirm that you are authorized to conclude a legal transaction on behalf of the legal entity.

Restrictions

Customer will not rent, sell, resell or lease the Service to any third party;

  • use the Service for any purpose where either the use or the failure of the Service might lead to personal injury, death or physical damage; or
  • disassemble, decompile or reverse engineer the Service or attempt or assist anyone else to do so, unless such restriction is prohibited by law.

Suspension

SalesTool may request that Customer suspend the account of any End User who:

  • violates the User Terms of Service; or
  • is using the Service in a manner that SalesTool reasonably believes may cause a security risk, a disruption to others’ use of the Service, or liability for SalesTool.

If Customer fails to promptly suspend or terminate such End User’s account, SalesTool reserves the right to do so.

Termination of an employee: The customer is responsible for the termination or deletion of the profile and storage of the content upon termination of an employee. SalesTool can not be held accountable for the lost content of the deleted profile.

Indemnification

  • By Customer: Customer hereby agrees to indemnify, defend and hold harmless SalesTool, its licensees and licensors, and their respective employees, contractors, agents, officers and directors (together, the “SalesTool Affiliates”), from and against any and all liabilities, damages, obligations, losses, costs and expenses (including but not limited to reasonable attorney’s fees) (together, the “Losses”) arising from or as a result of any claim by a third party against SalesTool or the SalesTool Affiliates regarding: (i) use of or access to the Service by Customer or its End Users in violation of this Subscriber Agreement or our User Terms of Service; or (ii) any data or Customer Data transmitted or received through, or posted or stored in, Customer’s account.
  • By SalesTool. SalesTool hereby agrees to indemnify, defend and hold harmless Customer and its employees, contractors, agents, officers and directors (together the “Customer Affiliates”), from and against any and all Losses arising from or as a result of any claim by a third party against Customer or the Customer Affiliates to the extent based on an allegation that the Service or SalesTool’s technology used to provide the Service infringes or misappropriates any copyright, trade secret, U.S. patent, or trademark right of the third party. In no event will SalesTool have any obligations or liability under this section arising from: (i) use of the Service in a modified form or in combination with materials not furnished by SalesTool; (ii) use of any third party app developed using SalesTool’s API; or (iii) any content, information, or data provided by Customer, End Users, or other third parties.

1.11 Your Choices

We provide you with a number of choices with respect to the information we collect and use as discussed throughout this Privacy Policy. For example:

  • You can manually access your saved contacts / customers from your mobile device via the “Access contacts” button and transfer them to SalesTool. If you do not want this, there is the possibility that you create the contacts / customers manually. Your data remains only on your device and doesn`t stored on any server.

1.12 Links To Other Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

1.13 Children’s Privacy

Only persons who are legally entitled to conclude contracts on their own account are permitted to register with b2bApps Gmbh and its services.

1.14 Our global activities

You accept our information practices, including collecting, using, processing, and sharing your information as described in this Privacy Policy, as well as processing and transmitting your information worldwide, wherever we have facilities, service providers, and partners, no matter where ours Use services. You acknowledge that the laws, rules and standards of the country where your information is stored or processed may differ from those of your country.

Your information, including Personal Information, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

If you are located outside Austria and choose to provide information to us, please note that we transfer the information, including Personal Information, to Austria and process it there.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

1.15 Your Rights

If you want to learn more about the information collected through the Services, or if you would like to access or rectify your information and/or request deletion of information we collect about you, or restrict or object to the processing of your information, please contact us using the contact information below.

How long we store your Information

We will retain your information for the period necessary to fulfill the purposes outlined in this Policy unless a longer retention period is required or permitted by law.

1.16 Security

The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.

1.17 Changes To This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

1.18 Information, correction, cancellation and opposition

Pursuant to Art. 15 EU-GDPR, you have the right at any time to obtain information about the data stored about you as well as the right to correct and delete these data (Art. 16 or Art. 17 para. 1). Upon request, b2bApps GmbH will inform you in writing which personal data is stored. This information is free of charge. Furthermore, according to Art. 21 EU-DSGVO, a right of objection exists with which you can revoke your consent to the use of your personal data at any time with effect for the future towards b2bApps GmbH.

With an email to support@sales-tool.net you can get information about your stored data or revoke your consent.

1.19 Contact Information

If you have any questions about these Terms, please contact us at support@sales-tool.net or visit our website: www.sales-tool.net.

2. SalesTool`s Cookies Policy

2.1 Cookies

Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive.

We use “cookies” to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

2.2 Third-Party Cookies

Please note that third parties (including for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies on our Services. We used trusted partners like DoubleClick and Google AdWords to help us service advertising. We also use Google Analytics on our Services to help us analyze how our Services are used. Google Analytics uses performance cookies to track visitor interactions. For example, by using cookies, Google can tell us which pages our users view, which are most popular, what time of day our websites are visited, whether visitors have been to our websites before, what website referred the visitor to our websites, and other similar information.
We have little control over these “third party” cookies, so we suggest that you check the respective privacy policies for these external services to help you understand what data these organizations hold about you and what they do with it.

2.3 Web Beacons

We may also use electronic images known as web beacons on our Services – sometimes called “clear GIFs”, “single-pixel GIFs”, or “web bugs”. Web beacons are used to deliver cookies on our Services, count clicks/users/visitors, and deliver co-branded content or services. We may include web beacons in our promotional e-mail messages or newsletters to determine whether messages have been opened and acted upon. Our Services may also contain web beacons from third parties to help us compile aggregated statistics regarding the effectiveness of our promotional campaigns or other website operations. These web beacons may allow the third parties to set or read cookies on your device.

2.4 Controlling Cookies

There are a number of ways you can manage what cookies are set on you devices. Essential cookies, however, cannot be disabled. If you do not allow certain cookies to be installed, the Services may not be accessible to you and/or the performance, features, or Services of the website may be compromised.

2.5 Do Not Track Signals

There is no uniform or consistent standard or definition for responding to, processing, or communicating Do Not Track signals. At this time the Services do not function differently based a user’s Do Not Track signal. For more information on Do Not Track signals, see All About Do Not Track.

2.6 More Information

If you have any questions about how we use cookies, you can contact us at support@sales-tool.net.

3. Proof of technical and organizational measures for privacy policy.

The technical and organizational steps that are intended in this privacy policy:

3.1. Introduction

3.1.1. This document describes the technical and organizational steps for the protection of personally identifiable information in the context of the activities of b2bApps GmbH.

3.1.2. The technical and organizational steps are constantly adapted to the current legal situation of data protection and according to the current “state of the art”.

3.1.3. Personally identifiable information are processed in the b2bApps GmbH in a way that

  • Confidentiality is maintained (only authorized persons receive access)
  • The integrity is preserved (only authorized persons can make changes)
  • The availability granted (if personally identifiable information are stored within the b2bApps GmbH due to contractual principles, these data remain available as contractually regulated)

3.1.4. All employees of b2bApps GmbH are obliged to comply with the requirements of this document regarding “Technically Organizational Steps for Data Protection” and the associated safety standards.

3.1.5. All employees of the b2bApps GmbH with data access were obligated in writing by the data secrecy by signing the employment contracts.

3.2. Technical-Organizational Measures

The following sections define the current security measures. For the b2bApps GmbH it is a concern to improve or increase this any time and reserves the right to do so any time. This can lead to the individual measures being replaced by others, but serving the same security objective.

3.2.1. CONFIDENTIALITY, PSEUDONYMIZATION AND ENCODING

3.2.1.1. Access control: Unauthorized access to buildings or rooms with data processing systems, with which personal data is processed or used, must be denied (access control).

Measures: b2bApps GmbH only uses services from Amazon Web Services for data processing and does not operate its own data processing systems. All AWS Services will comply with the General Data Protection Regulation (DSGVO) as of the effective date of 2018 (https://aws.amazon.com/en/compliance/gdpr-center) and thereby comply with access control requirements.

3.2.1.2. Access control: Actions that prevent data processing systems from being used by unauthorized persons.

Measures: Multiple levels of authorization are used to provide access to sensitive systems. There are processes that require users to be added, deleted, or customized only with appropriate permission. All users access the systems of b2bApps GmbH with individual user IDs. B2bApps GmbH has processes to ensure that requested changes to authorizations are carried out in accordance with the guidelines (e.g. No rights are granted without authorization). If a user leaves the company the access rights are canceled. b2bApps GmbH has a policy that requires regular changing of passwords. Personalized user IDs are assigned for authentication. Passwords are stored encrypted. A password change is technically enforced for the domain password after 3 months at the latest. It meets the requirements of complex passwords. b2bApps GmbH ensures that default passwords are changed before commissioning. Employees of the b2bApps GmbH were sensitized, don`t leave any technical equipment such as company laptops unattended and unprotected in operation. There is also a timed automatic logout for each computer. The b2bApps GmbH uses virus scanners at the transitions to the company network (email account), as well as on all file servers and on all single-user computers. Security-relevant software updates are regularly and automatically updated.

Employees of b2bApps GmbH primarily use company laptops equipped with the strict security measures shown in this document.

The encryption of personal data when saving on the data processing systems is carried out continuously with AES256 (EBS / S3 / Glacier / RDS).

3.2.1.3. Access Control: Ensures that those entitled to use a data processing system can only access data subject to their access rights and that personal data can not be read, copied, altered or removed without authorization during processing, use and after storage.

Measures: Access to personally identifiable information, confidential or otherwise sensitive information is restricted to persons who are authorized to do so due to their provision of services: Employees or service providers only receive access to the information they need to complete the work task. For this 2bApps GmbH uses authorization concepts. All personal, confidential or otherwise sensitive information will be protected in accordance with relevant security policies. Confidential information must be treated confidentially. Employees of b2bApps GmbH are informed about data secrecy and commit themselves to signing the employment contracts in writing. Employment contracts of b2bApps GmbH also contain an explicit reference to this obligation. All productive servers are operated in corresponding data centers/server rooms. The security of applications that process personal, confidential or otherwise sensitive information is reviewed on a regular basis. b2bApps GmbH carries out internal and external security checks and penetration tests of IT systems. b2bApps GmbH prohibits the installation of personal software not approved by b2bApps GmbH and uses proven client management software. Employees who use the company laptops receive specially created user IDs that do not have administration rights. The administration of user rights is done by a deliberately reduced number of system administrators. Pseudonymisation: If possible for the respective data processing, the primary identification features of the personal data in the respective data application are removed and stored separately. b2bApps GmbH works with classification schemes that are classified in the categories secret / confidential / internal and public.

3.2.2. INTEGRITY

3.2.2.1. Relay control: Ensures that personal data can not be illegally read, copied, altered or removed during electronic transmission or during its transport or storage on data carriers. It may be examined and ascertained at which points a transfer of personal data by means of data transmission is envisaged.

Measures: The encryption of data transmission from the network of b2bApps GmbH to other, external networks is guaranteed. The Communication is encrypted by default with 256-bit over HTTPS (SSL / TSL).

3.2.2.2. Input control: It is possible to check and determine if and by whom personal data has been entered, changed or removed in data processing systems.

Measures: b2bApps GmbH only allows authorized persons to access personal data within the framework of their work task.

3.2.3. AVAILABILITY AND RESILIENCE

3.2.3.1. Availability control: To ensure that personal information is protected against accidental destruction or loss.

Measures: b2bApps GmbH has backup processes and other measures to restore the availability of mission-critical systems at short notice if needed. Emergency processes and systems are tested regularly. Firewalls or other network security techniques are used. Individual deletion periods are met for both metadata and logfiles.

3.2.4 REGULARLY TESTING, ASSESSING AND EVALUATING

3.2.1.6. Order control: To ensure that personal data processed in the order can only be processed in accordance with the instructions of the client.

Measures: b2bApps GmbH has controls and processes to check compliance with the fulfillment of the contract by b2bApps GmbH and its service providers. Customer information is classified as “confidential” in principle. All employees and partners of b2bApps GmbH are contractually obliged to respect the confidentiality of all sensitive information, including information about trade secrets of customers and partners of b2bApps GmbH. There is a constant sensitization of the employees of b2bApps GmbH.

3.2.1.8. Separation control: Ensures that data collected for different purposes can be processed separately.

Measures: b2bApps GmbH uses the technical possibilities of the software used (client or tenant concept, separation of the system landscape according to production, quality, test and development systems) as the basis of the separation control.

3.3. Payment service

About our services you have the option to trigger booking process. As far as this is necessary for the fulfillment of the contract, data are also handed over to our payment service providers or the bank responsible for the payment processing. The scope of the data is limited to the minimum required for the purpose of contract execution.

For billing, we use Chargebee, a service of Chargebee Inc., 340 S Lemon Avenue, # 1537, Walnut, California 91789, USA. For more information about Chargebee’s privacy, visit https://www.chargebee.com/privacy.html.

3.4. Amazon Web Services

To deploy the application, we use Amazon Web Services, a service of Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, United States. The servers rented by us are located in Frankfurt, Germany. Personal data required for the use of the application are stored in encrypted form in databases. For more information about AWS privacy, visit https://aws.amazon.com/data-protection and https://aws.amazon.com/privacy.