Receive your discounts everyday
Subscribe
Don't waste your time looking for hours for the best option for you. Subscribe now and easily get the best offers from the web directly into your email box. With Flash Savings Hub the web will be in your hands everyday.What's Flash Savings Hub?
Flash Savings Hub is an online program that searches and collects all the best offers and opportunity the web can offer and send it to its users directly into their inbox. Thanks to our technology and to the huge amount of data we process everyday, Flash Savings Hub can find extactly what our users want. Flash Savings Hub normally sends an email everyday with the best offer. Occasionally Flash Savings Hub can send more than an email a day when it finds another great opportunity that the users can't miss.
To allow its users enjoy their time, Flash Savings Hub endlessly scan the web to find the best options. One day it can find an new exotic place you've never been before, or a romantic weekend in an enchanting european capital city. Or else, the day you feel tired and stressed, Flash Savings Hub will find a massage or a spa just around the corner. And what about your savings? Flash Savings Hub will find the right investment for your money. Or if you don't have plan for the future yet, Flash Savings Hub will address you to the best discount for the new items of the season.
Terms and conditions
Privacy Policy
Thank you for your visit to our website. This privacy policy explains how the owner of this website uses and protects all the information you own in this website when you use this website.This Privacy Statement describes what information we collect online, how that information will be used, the limited conditions under which it may disclose, and what steps are taken to ensure the security of the data. This statement is intended to inform you only about the information that may be charged online due to a visit to our website, and not as a result of following a link from this website to another website or online service. The owner of this website is committed to ensuring that your privacy is protected. Should we ask you for certain information that you can identify with using this website, you can be assured that it will only be used in accordance with this privacy statement. Your right to privacy is of utmost importance to us in building trust and trust in business through the internet.
The owner of this website may change this policy from time to time by updating this page. You will need this page from time to time to make sure you are satisfied with any changes. The starting point is that the provision of personal data is not mandatory. You have at any time the choice or your personal information to enter. However, in order to make use of some of our services, the import of personal data is necessary. If the data entry is requested, it is indicated which data are required to use the service and thus must be filled in and which information can be provided optionally.
Information collected and saved automatically
If you only read, print or download information such as brochures, press releases or reports from this site, no personally identifiable information will be collected about you. We collect and process personal data for the following purposes, including through our (mobile) websites (including apps) operated by us:
For the establishment and execution of an agreement with you to provide you with the agreed services, products and / or information, and to adapt it to your needs and wishes.
To give you the opportunity to post and exchange information on any of the websites, or to contact the other users with the opportunity to contact the site.
When it comes to a paid service, to invoice. We never publish financial data on a website, nor are it made available to third parties for purposes other than the execution of the agreement. For example, if payment is not made for our products or services, we may be able to claim third party claims, such as a collection agency.
To make targeted offers, e.g. by email. For example, on a website or in an app, an ad may be displayed of a product that we suspect that you are interested in based on our data processed. As part of the optimization of making offers, we can compile a profile of you.
Kinds of product we can promote
Automotive
- Test Drives
- Servicing
- Insurance
- Online retail
- General stores
- Automotive (including dealerships and accessories)
- Property
- Home furnishings
- Home improvement
- Fashion and clothing
- Telecoms and utilities
- Pensions
- Loans, credit cards and mortgages
- Investments & savings
- Claims Companies
- Online Betting
- Online Casino
- Online Poker
- Lottery
- Home
- Car
- Travel
- Pet
- Personal
- Health
- Life
- Other insurances
- Holidays
- Hotel
- Airlines
- Travel booking
- Health & Well-being
- Fitness
- Charities
- Media & publishing companies
- Leisure
- Gaming
- Gambling
- Legal Services
- Educational institutions
- Compensation, Legal Services and Personal Injury
- Injury Compensation Services
- Charity
- Food and Drink
- Groceries
- Home delivered meals
To send you a newsletter, offer, user information, service message or other electronic message.
We can rent NAW data to third parties who can offer you products, services or information (see "Sharing and disclosing personal information").
To analyse, maintain, optimize and safeguard our websites and associated technologies and to combat fraud.
To comply with our statutory laws and regulations and to deal with disputes and to conduct (auditors) control.
To conduct market research and to compile management information for product and service development and to determine (general) strategy.
We keep your personal data in principle as long as required for the above purposes, or to comply with statutory (keep) duties.
Log Files
Our general web server automatically collects certain information about your visit and stores it in a default log file. When you request a web page through your browser, navigation and other data are collected and stored in a log and / or database. This information can not be used to identify you personally and consists of the following components:
- The web server you are accessible during your visit
- The web page (s) you have visited
- The date, time and duration of your visit
- Your IP address (an IP address is a number assigned automatically to your computer whenever you browse the internet) from which you access the website
- Your name and version Internet browser
Cookies - How do we use cookies
Cookies are simple small text files that are stored on the hard disk or in your computer's memory. Cookies can not damage your computer or the files on your computer. Cookies can be recognized on our websites if you visit them again. For example, we use cookies to track what products you have in your shopping cart or to capture the preferences you have set for a particular service or web page. In addition, we use cookies for statistical purposes. Among other things, to see how often a website is visited, which website (s) visitors come from and which pages are visited on a website. In addition, we may use cookies (depending on the permission) to match ads on the websites you visit to better match your needs and interests, to prevent you from seeing a particular ad too often and to record how often an ad is being Displayed.
We make use of session cookies, these are automatically deleted when you close your internet browser. We also use a so-called unique ID cookie to recognize an Internet user as a unique visitor. This cookie has a lifetime of one year on most of our websites, which means that it will disappear automatically as soon as you visit none of our websites for more than one year. Finally, we can use temporary cookies (depending on the permission obtained). These temporary cookies register your browsing behavior on our websites for up to ninety days. When you contact one of our websites for the nineteenth day, day one data disappears from the cookie. The information obtained through these cookies will be automatically deleted 180 days after your last visit.
If you make it impossible to place cookies (via your browser settings), certain features may not work or you may not be able to use certain services. As mentioned earlier, personal data processed by us may be exchanged with group companies and combine your personal data with data collected in connection with your purchase or use of our products or services (or group company products or services), including cookies Collected browsing data.
Among other things, Google and its group company present DoubleClick on behalf of our ads on our websites. They also place cookies on your computer. The use of cookies by other companies applies to the privacy and cookie policy of the particular company. Advertisers or other companies can not access our cookies. You can decide at any time whether you want to accept or decline cookies or you want your browser to notify you when a cookie is placed. If you want to change your preferences for accepting or denying certain categories of cookies on our sites, you can always access the page you can change your settings using the Privacy and Cookie Policy link at the bottom of each page. If you want to accept or decline a certain category of cookies from certain parties, then you can. For example, you can opt out of http://www.google.com/privacy_ads.html to post cookies by Google and its group companies and http://www.youronlinechoices.eu/en can opt out of posting Cookies by other ad networks that advertise ads through our websites.
Check your personal information
You may choose to restrict the collection or use of your personal information in the following ways:
When you are asked to fill out a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anyone for direct marketing purposes
If you have previously agreed to the use of your personal data for direct marketing purposes, you can change at any time by writing to or sending email to support@loudingads.com
We will not sell, distribute or rent your personal information to third parties unless we have your permission or are legally required to do so. We may use your personal information to provide you with promotional information about third parties that we think may be of interest to you if you tell us you want this to happen.
This policy is subject to change
This policy can be modified or revised from time to time, so come back to your website regularly in advance of significant changes in how information from visitors to this website may be collected, used, or distributed. Any information collected under this current policy will remain bound by the terms of this Privacy Policy. After the changes come into effect, collected all new information, if applicable, will be subject to the revised privacy policy.
Data Processing
Agreement on Processing of Personal Data in Orders According to Art. 28 Para.3 General Data Protection Regulation (GDPR) (Order Data Processing)1. Preamble
The conclusion of this agreement on processing data on behalf of the European General Data Protection Regulation (GDPR), which will enter into force on the 25th of May 2018. Against this background, the parties conclude the following agreement in order to ensure that data processing for the provision of services can continue to take place in a legally compliant manner in the future. The Client entrusts the Contractor with processing personal data. The provisions of this agreement apply to this order processing within the meaning of Art. 28 of the General Data Protection Regulation (GDPR).
2. Subject and Duration of the Contractual Order
Subject of the Order
The subject of the contractual order for data processing is the performance of the following tasks by the Contractor:
- Execution of performance-oriented email transmissions to the address databases of the order processor
Duration of the Order
The contractual order is not time-limited and can be terminated by either party with 30 days' notice to the end of the month. The possibility of termination without notice shall remain unaffected.
3. Concretisation of the Content of the Contractual Order
Scope, type and purpose of the proposed data processing
Before sending an email, the Client regularly provides blacklists with email addresses. Emails cannot be sent to the email addresses contained therein are by the order processor. It is also possible that before an email campaign is carried out, a customer list supplied by the Client must be compared against the customer base of the order processor, e.g. in order to exclude existing customers from the advertising campaign.
a) Place of data agreement: The contractually agreed service is provided in principle and exclusively within the territory of the Federal Republic of Germany, in a member state of the European Union or in another contracting state to the Agreement on the European Economic Area. Any movement of data to a third country requires the prior consent of the client and is subject to compliance with the special statutory requirements.
b) The blacklists and customer lists are delivered by the Client in accordance with the currently valid data protection regulations and the Client bears full responsibility for the organisational/technical measures for this.
Type of Data
The subject of the personal data processing is the following types / categories of data
- Personal master data (e.g. title, first name, surname, street, house number, postcode, city)
- Communication data (e.g. email)
Categories of Data Subject
The categories of data subjects covered by the processing:
- Customers
- Interested parties
- Advertising blocks
- Former complainants
4. Technical and Organisational Measures
a) The Contractor shall document the implementation of required technical and organisational measures set out prior to the placing of an order before the start of processing, particularly with regard to the execution of the specific order as a one-time standard procedure and shall pass this on to the Client for review.
Upon acceptance of the order by the Client, the documented measures become the basis of the order. If the Client's review results in a need for adjustment, this must be implemented by mutual agreement. b) The Contractor must provide the security according to Art. 28 para. 3 letter c, 32 EU GDPR in particular in conjunction with Art. 5 para. 1, para. 2 EU GDPR, insofar as within their sphere of influence. Overall, the measures to be taken are data security measures, which are taken to ensure a level of protection appropriate to the risk with regard to the confidentiality, integrity, availability and resilience of the systems. On this point, the state of the art, the costs of implementation, the nature, scope and purposes of processing, and the varying likelihood and risk severity for the rights and freedoms of natural persons in the sense of Art. 32 para. 1 EU GDPR must be taken into account.
c) Technical and organisational measures are subject to technical progress and further developments. In that regard, the Contractor is permitted to implement adequate alternative measures. The security level of the specified measures must be adequate. Significant changes must be documented once as a standard procedure.
5 Correction, Restriction and Deletion of Data
a) The Contractor may not correct, delete or restrict the data processing of the data which is processed in the order on his own authority, but only in accordance with the documented instructions of the Client. Excluded from this are blacklists, complaint lists, customer lists, etc. which are generally deleted by the Contractor after completion of the order without requiring the instructions of the Client. If a data subject contacts the Contractor directly in this regard, the Contractor shall immediately forward their request to the Client as soon as the Client provides the Contractor with a communication channel conforming to the requirements of the Data Protection Act (e.g. login with access data).
b) Insofar as it is included in the scope of services, the deletion concept, the right to be forgotten, correction, data portability and information shall be ensured directly by the Contractor in accordance with the documented instructions of the Client.
6. Rights and Obligations as well as the Client's Authority to Issue Instructions
1. for the assessment of the admissibility of the processing according to Art. 6 para. 1 GDPR as well as for safeguarding the rights of the data subjects in accordance with Art. 12 - 22 GDPR. Nevertheless, the Contractor is obliged to immediately forward all such inquiries to the Client, provided that they are clearly addressed exclusively to the Client.
2. Changes to the subject of processing and changes to procedures shall be agreed jointly between the Client and the Contractor and specified in writing or in a documented electronic format (email is sufficient).
3. The Client shall issue all orders, partial orders and instructions in writing or in a documented electronic format (e-mail is sufficient). Verbal instructions must be confirmed immediately in writing or in electronic text form.
4. Prior to the start of processing, and then regularly and in an appropriate manner, the Client is entitled to satisfy themselves of the compliance with the technical and organisational measures taken by the Contractor and with the obligations laid down in this agreement.
5. The Client shall inform the Contractor immediately if errors or irregularities are noticed during the verification of the order results.
6. The Client is obliged to treat all knowledge of business secrets and data security measures obtained by the Contractor as confidential under the terms of the agreement. This obligation shall continue even after this agreement has been terminated.
7. The Client is responsible for the permissibility of data collection, processing and use. This also applies to the obligations of the Client under the Law against Unfair Competition (in particular to obtain consent in accordance with § 7 UWG) and the Telecommunications Secrecy Act (§ 88 TKG). The Contractor points out that no advertising in violation of legal regulations may be sent by the Client. 8. Responsibility for data processing; the Client bears the responsibility for processing and is responsible to third parties for compliance with the provisions of the data protection laws. The Client is responsible for his own assessment of the admissibility of order data processing and the order under data protection law. If the Client is of the opinion that the processing carried out by the Contractor violates the Client obligations, they must point this out to the Contractor and ensure that the data processing complies with the law by issuing appropriate instructions.
9. The Client is solely responsible for the lawful data collection (consent by double opt-in procedure or according to §7 para. 3 UWG etc.) and the secure transmission of data to the Contractor for the purpose of data processing within the scope of this agreement. The Client assures that they shall only collect and provide to the Contractor such data from their customers and users who have explicitly consented to such collection, processing and, if applicable, evaluation. In particular, the Client is aware that an evaluation of personal data (e.g. response data such as opening emails and clicks) of a recipient within the scope of 'tracking' is only possible if the Client confirms to the Contractor that they have the consent of the respective recipient for the evaluation of their personal data.
10. Notification and instruction obligations: In the event of a direct request for information, notification, warning or instruction from the supervisory authority in accordance with Art. 58 GDPR, the Client must support the Contractor and ensure that the official request can be complied with in accordance with this agreement.
7. Quality Assurance and Other Obligations of the Contractor
The Contractor has additional legal obligations under Art. 28 to 33 EU GDPR to comply with the provisions of this order; in this respect, they guarantee particular compliance with the following requirements: a) Written appointment of a data protection officer who shall perform their duties in accordance with Art. 38 and 39 of the EU GDPR if obliged to do so.
- Whose details will be communicated to the Client for the purpose of direct contact. The Client must be informed immediately of any change to the data protection officer.
- Details of appointed data protection officer(s) must be provided to the Client with full name and contact details [title, first name, surname, organisational unit, telephone, e-mail]. A change in data protection officer must be communicated to the Client immediately.
The Contractor's current contact details are easily accessible on the Contractor's homepage.
b) If the Contractor is not obliged to appoint a data protection officer, the Client shall be informed of a contact person with full name and contact details [title, first name, surname, organisational unit, telephone, e-mail] by the Contractor.
c) The maintenance of confidentiality in accordance with Art. 28 para. 3 clause 2 letter b, 29, 32 para. 4 EU GDPR.
In carrying out work, the Contractor shall exclusively use employees who are bound to confidentiality, and who have previously been familiarised with the relevant data protection provisions. The Contractor and any person under their authority who has access to personal data may only process such data exclusively in accordance with the instructions of the Client, including the powers granted in this Contract, unless they are legally obliged to process it.
d) The implementation and observance of all technical and organisational measures required for this contract in accordance with Art. 28 para. 3 clause 2 letter c, 32 EU GDPR
e) The Client and the Contractor shall, upon request, cooperate with the supervisory authority in the performance of their tasks.
f) Immediate information from the Client as to control procedures and measures taken by the supervisory authority in so far as they relate to this order. This also applies insofar as a competent authority is conducting an investigation in the context of an administrative offence or criminal procedure with regard to the processing of personal data in the processing of orders with the Contractor.
g) If the Client is subject to an inspection by the supervisory authority, administrative or criminal proceedings, the liability claim of a data subject or a third party or any other claim in connection with the processing of the order with the Contractor, the Contractor must support them to the best of their ability.
h) If the Contractor is subject to an inspection by the supervisory authority, an administrative offence or criminal proceedings, the liability claim of a data subject or a third party or any other claim in connection with an order with the Client, the Client must provide services without restriction and free of charge.
i) The Contractor shall regularly monitor internal processes and technical and organisational measures to ensure that processing within their area of responsibility is carried out in accordance with the requirements of the applicable data protection legislation and that the rights of the data subject are protected.
j) Verifiability of the technical and organisational measures taken by the Client within the framework of their controlling authority.
k) The Contractor shall process personal data only under this agreement and under the instructions of the Client, unless they are required to do so by the law of the Union or the Member States to which the order processor is subject (e.g. investigations by law enforcement or state protection authorities), in which case the order processor shall inform the controller of these legal requirements before processing, unless the law in question prohibits such communication on grounds of an important public interest (Art. 28 para. 3 clause 2 letter a GDPR).
l) The Contractor shall not use the data provided for processing for any other purposes, in particular not for their own purposes. Copies and duplicates shall not be created without knowledge of the Client. m) The Contractor guarantees that they will undertake all measures agreed for contractual processing in the field of the processing of personal data in line with the order. The Contractor also guarantees that the data processed will be kept separate from other data in their possession.
n) Dedicated data carriers that originate from the Client or are used for the Client shall be specially marked. Input and output as well as the current use are documented.
The Contractor must cooperate to the extent necessary in fulfilling the rights of the data subjects in accordance with Art. 12 - 22 GDPR by the Client, in the creation of the processing directory, as well as in required data protection impact assessments carried out by the Client, and assist the Client appropriately, as far as possible (Art. 28 para. 3 clause 2 letter a GDPR).
6. The Contractor shall draw the Client's attention to the fact that an instruction issued by the Client violate legal requirements (Art. 28 para. 3 clause 3 GDPR). The Contractor is authorised to suspend implementation of the corresponding instruction until it is confirmed or modified by the responsible personnel of the Client following examination.
q) The Contractor must correct or delete personal data from the order, or restrict its processing if the client demands this by means of instructions and if the legitimate interests of the Contractor do not oppose this.
r) If a data subject addresses the Contractor with claims for correction, deletion or information, the Contractor shall refer the data subject to the Client, provided that it is possible to allocate the data subject to the Client according to their data. The Contractor shall immediately forward the request of the data subject to the Client. The Contractor shall support the Client within the scope of his possibilities and upon instruction, to the extent agreed upon. The Contractor shall not be liable if the Client does not respond to the request of the data subject, does not respond correctly or does not respond in due time.
s) Should inspections be necessary in individual cases by the Client or an auditor commissioned by the Client, they shall be carried out during normal business hours without disrupting operations after notification, taking into account an appropriate lead time. The Contractor may make them subject to prior notification with a reasonable lead time and to the signing of a confidentiality agreement with regard to the data of other customers and the technical and organisational measures set up. If the inspector commissioned by the Client is in a competitive relationship with the Contractor, the Contractor has a right of objection against them.
t) Costs incurred by the Contractor as a result of their active support shall be reimbursed to them to an appropriate extent. The cost of an inspection is generally limited to one day per calendar year for the Contractor.
u) The Contractor confirms that they are aware of the relevant data protection regulations of the GDPR for order processing. The Contractor further assures that they familiarise the employees employed during the execution of the work with the relevant provisions of data protection before starting the work and obliges them to maintain secrecy for the time of their work as well as after termination of the employment relationship in an appropriate manner (Art. 28 para. 3 clause 2 letter b and Art. 29 GDPR). The Contractor monitors compliance with the data protection regulations in their company. 8. Authorised Representatives of the Client and the Contractor
a. Both the Client and the Contractor provide the respective authorised person or recipient of the instructions with complete contact data.
b. If the contact person changes or is unable to work for a longer period of time, the contractual partners must be informed immediately and in principle in writing (email is sufficient) of the successor or representative.
9. Subcontracts
a) Subcontractual relationships within the meaning of this provision are understood as those services which relate directly to the provision of the main service.
Such services, which the Contractor makes use of with third parties as an ancillary service to assist in the execution of the order, should not be understood as a subcontractual relationship for the purposes of this regulation. These include, for example, telecommunications services, maintenance and user services, cleaning staff, inspectors or the disposal of data carriers as well as other measures to ensure the confidentiality, availability, integrity and resilience of the hardware and software of data processing systems.
However, the Contractor shall be obliged to undertake appropriate and legally binding contractual agreements and control measures to ensure the data protection and the data security of the Client's data, including in the case of outsourced ancillary services.
b) The Contractor may only commission subcontractors with prior explicit written or documented consent of the Client. Excluded from this are technical service providers based within the EU.
c) The transfer of the Client's personal data to the subcontractor and commencement of their initial activities are only permitted if all requirements for subcontracting are met.
d) If the subcontractor performs the agreed service outside the EU/EEA, the Contractor shall take appropriate measures to ensure the admissibility under data protection law.
e) Further outsourcing by the subcontractor is not permitted; all contractual provisions in the contractual chain must also be imposed on the other subcontractors.
f) At present, the subcontractors specified in Appendix 2 with name, address and order content, are engaged in processing personal data for the Contractor to the extent specified therein. The Client has agreed to their appointment.
The Contractor shall always inform the person responsible of any intended change in regard to the addition of new or the replacement of existing subcontractors, giving the customer the opportunity to appeal such changes (§ 28 para. 2 clause 2 GDPR).
10. Control Rights of the Client
a) The Client is entitled to carry out inspections in consultation with the Contractor or to have them carried out by inspectors to be appointed in individual cases. They have the right to conduct periodic random checks, which, as a rule, must be notified in good time, to ensure compliance with this agreement by the Contractor in their business operations.
b) The Contractor shall ensure that the Client can satisfy themselves of the Contractor's compliance with the obligations in accordance with Art. 28 of the GDPR. The Contractor is required to provide the necessary information to the Client on request and to demonstrate in particular the implementation of the technical and organisational measures.
c) Proof of such measures, which do not only relate to the specific order, may be provided by:
compliance with approved rules of conduct in accordance with Art. 40 EU GDPR;
certification according to an approved certification procedure according to Art. 42 EU GDPR;
Current certificates, reports or report extracts from independent bodies (e.g. data protection officer, IT security department)
a suitable certification by IT security or data protection audit (e.g. according to BSI Basic Protection)
or other appropriate measures as decided by the Contractor
11. Supporting the Client in Fulfilling their Obligations
a) The Contractor shall assist the Client in complying with the obligations set out in Articles 32 to 36 of the GDPR concerning the security of personal data, notification obligations in the event of data breaches, data protection impact assessments and prior consultations. In particular this includes:
- ensuring an adequate level of protection through technical and organisational measures which take into account the circumstances and purposes of processing as well as the predicted probability and severity of a possible infringement of rights due to security gaps, and which enable an immediate determination of relevant infringement events
- the obligation to report violations of personal data to the Client without delay,
- the obligation to support the Client in the scope of their duty to inform the data subject and to make all relevant information available to them in this connection without delay,
- supporting the Client in their data protection impact assessment and
- supporting the Client in the scope of prior consultations with the supervisory authority.
b) The Contractor shall claim remuneration for support services.
12. The Client's Authority to Issue Instructions
a) The Client shall immediately confirm verbal instructions in text form.
b) The Client must inform the Contractor without delay if they are of the opinion that an instruction violates data protection regulations. The Client shall be entitled to suspend the execution of the relevant instruction until it has been confirmed or changed by the person responsible.
13. Deletion of Data and Return of Data Media
a) Copies and duplicates shall not be created without knowledge of the Client. This excludes backups, if they are necessary to ensure proper data processing, as well as data that is required in order to comply with legal retention requirements.
b) Upon completion of the contractual work, or earlier, if requested by the Client – but no later than termination of the Service Agreement – the Contractor shall destroy all documents of the Client which have come into their possession, drafted processing and user results and all data resources that are related to the contractual relationship or destroy them in line with data protection regulations. The same applies to testing and excess material.
Documentation that serves as proof of order-compliant and proper data processing must be kept by the Contractor in accordance with the respective retention periods beyond the term of the Agreement.
14. Liability
The Contractor is only liable to the Client within the scope of Art. 82 para.2 clause 2 GDPR and only if the Contractor culpably violates an obligation imposed on the by the GDPR.
The liability of the Contractor is further excluded if the violation was caused by the Client. In particular, the Contractor shall not be liable in cases in which the technical and organisational measures of the Contractor which were agreed with the Client do not comply with the requirements of Art. 32 GDPR because the Client fails to fulfil his information obligations according to 3.3.2 or does not do so on time.
Insofar as the Contractor's liability under the above paragraphs is excluded in whole or in part, the Client shall indemnify the Contractor upon the first inquiry against all claims raised by third parties against the Contractor due to data processing on behalf of the Client and shall bear the costs of the necessary legal defence including all court and legal costs to the statutory amount. In addition, facultative costs of the Contractor shall be borne in this context.
The same applies if a claim is made by third parties on the basis of the collection or transmission of their data to the Contractor or on the basis of the evaluation of the data within the scope of tracking, or if a claim by third parties exceeds the share of fault attributable to the Contractor in the case of joint and several liability. The Client is obliged to support the Contractor in an appropriate manner in the defence against claims raised by third parties, to provide without delay, truthfully and completely all information which could be necessary for the examination of the claims and the defence against them, and to make all appropriate evidence available to the Contractor.
The liability of the Client and the Contractor is determined externally and internally in accordance with the provisions of Art. 82 EU GDPR.
The corresponding regulation of the general terms and conditions of the Contractor applies to liability.
15. Signature
This Agreement shall be deemed expressly accepted if an order is placed without signature between the Client and the Contractor.
This Agreement can be viewed at any time on the Contractor's homepage at www.loudingads.com
APPENDIX I: Subcontractors
The contractually agreed services are carried out with the involvement of subcontractors who are involved in this processing. Below are listed all the subcontractors who are directly involved in the provision of services for the Client, and who may have or may have had access to the Client's data. This also includes external IT service providers with corresponding access rights.
Subcontractors
1. FREEMEDIA INTERNET, S.L (DoctorSender), Carrer Filà Abencerrajes, 4, 03804 Alcoi, Alacant Telephone: +34965524819 Email: info@doctorsender.com Service description: Email dispatch solution
2. OVH HISPANO S.L.U. C/ Alcalá 21, 5ª planta, 28014 Madrid (España), Telephone: +34902106113 Email: soporte@ovh.es
Service description: Data host
APPENDIX II: Technical and organisational measures by the Contractor The Contractor does not operate their own data centre. All personal data is stored and processed in the infrastructures of subcontractors and their specialised IT service providers based within the European Union (see APPENDIX I).
The Contractor takes the following technical and organisational measures for data security in their office building in the meaning of Art. 32 GDPR.
1. Confidentiality
Entry control
Denial of access to processing facilities to unauthorised persons carrying out the processing.
Measures:
- Definition of authorised persons: there is a clear regulation on authorised persons.
- Reception with visitor regulation: Access to offices only by authorised persons. Access and visit checks until leaving the premises.
- Key regulation and current key list
- Office doors and windows are locked when not in use. The main entrance is electronically secured and locked.
- Property security and secured entrance for delivery and collection: access on the 2nd floor. 2 locked main doors.
- Closed shop operation: no public traffic in the data processing department.
Authorisation control
The intrusion of unauthorised persons into the data processing systems is prevented by technical (code and password protection) and organisational (user administration) measures regarding user identification and authentication
Measures:
- Password procedures (including password complexity, minimum length, regular checking and change of password)
- Automatic locking (e.g. password or pause)
- Setting up a user master record for each user
- Encryption of data carriers
- Authorisations for access to data or systems are assigned by a central office
- Mobile IT systems and mobile data carriers are not permitted
- IT systems are protected against viruses and malware by 2 programmes
- Unauthorised access to IT systems by third parties is detected and prevented by firewall
Access control
Measures are taken to ensure that only authorised persons have access to data of the Client at the Contractor's ofice and that personal data cannot be read, copied, changed or removed without authorisation during processing, use and after storage.
Requirements-oriented design of the authorisation concept and access rights as well as their monitoring and logging.
Measures:
- Differentiated authorisations (profiles, roles, transactions and objects)
- Regulation on password use (regular checks and changes, secrecy)
- User roles and authorisations are checked regularly every 6 months
- Access rights are withdrawn when leaving the company or when changing tasks in the company
- The number of administrators is limited to the minimum
- Access to external applications is logged
- Paper documents with personal data are securely destroyed by shredder
Separation checks
Separate processing of data collected for different purposes, e.g. through multi-client capability; Measures for separate processing (storage, modification, deletion, transmission) of data with different purposes:
Measures:
- Multi-client capability with earmarking
- Data from different customers is processed separately and customers cannot access the data of other customers
- Pseudonymisation & encryption
The pseudonymisation of personal data is not possible, as the core of the service is the use of the email address. Further personal data is not necessary (optional).
Encryption of the recipient data is not possible if the data is actively in use. Archived recipient data is stored in encrypted form.
2. Integrity
Input control
Measures to retrospectively check whether and by whom data was entered, changed or deleted:
- Logging systems of external applications
Forwarding control
Measures are taken to ensure that personal data cannot be read, copied, altered or removed without authorisation during electronic transmission or during transport or storage on data carriers, and that it is possible to verify and determine where personal data should be transmitted by data transmission equipment.
Measures:
- Encryption and tunnel connection via VPN
- Obligatory transport security
- Obligation given by the Contractor to the Client that the transfer of personal data between Client and Contractor can only take place via login or if it is encrypted.
- Data is irretrievably deleted immediately after completion of the order
3. Availability and Loading Capacity
It is ensured that personal information on the Contractor's systems is protected against accidental destruction or loss.
Availability control and isolation measures:
- Regular backup in the cloud ensures rapid data recovery
- Virus protection and firewall in use
- Emergency plan
- Intrusion detection systems and use of current encryption methods in external systems
4. Procedures for Periodic Review, Assessment and Evaluation
Measures:
- The company management takes responsibility for data protection and information security
- Employees are regularly trained in data protection ( 1 training email every 6 months)
- Employees are under obligation to treat personal data confidentially (confidentiality agreement)
- A data protection officer is not obligatory due to company size but instead a permanent contact person for data protection has been appointed
- Regular employee training ensures that data protection violations are detected and reported immediately
- By daily examination of the inquiries and by permanently responsible persons, it is ensured that inquiries of data subjects are processed in a timely manner
- Analysis of the further requirements of the GDPR in order to improve and expand the existing principles, especially in the implementation and documentation of better processes
- Data protection management available
Order Control
No order data processing takes place without corresponding instructions from the Client.
Measures:
- Clear contract design
- Formalised order placement
- Criteria for the selection of the Contractor
- Checks on the execution of the contract