Contracting parties<\/h2>\r\n

This agreement is concluded between<\/p>\r\n

<\/p>\r\n

<\/textarea><\/p>\r\n<p>as the client (hereinafter referred to as \"AG\")<\/p>\r\n<p>and Endereco UG (haftungsbeschr\u00e4nkt) as contractor with registered office in 97236 Randersacker, Balthasar-Neumann-Str. 4B (hereinafter \"Contractor\").<\/p>\r\n<h2><br \/>\u00a7 1 General<\/h2>\r\n<p>(1) The Contractor shall process personal data on behalf of the Client within the meaning of Art. 4 (8) and Art. 28 of Regulation (EU) 2016\/679 - General Data Protection Regulation (GDPR). This contract regulates the rights and obligations of the parties in connection with the processing of personal data.<br \/><br \/>(2) Insofar as the term \"data processing\" or \"processing\" (of data) is used in this Agreement, the definition of \"processing\" within the meaning of Article 4 (2) of the GDPR shall apply.<\/p>\r\n<h2>\u00a7 2 Subject matter, duration and specification of the commissioned processing<\/h2>\r\n<p>(1) The subject matter of the contract, the nature and purpose of the processing and the categories of data to be processed as well as the categories of data subjects shall be determined by the following legal relationship(s) between the contracting parties (hereinafter referred to as the main contract):<\/p>\r\n<p style=\"padding-left: 40px;\">- Service contract with the Contractor based on the Client's registration on the Contractor's website and acceptance of the General Terms and Conditions.<\/p>\r\n<p>The provisions of this AV contract shall take precedence over the main contract.<\/p>\r\n<p>If the Customer orders further rights of use or other additional services at a later point in time, this agreement shall also apply accordingly to these services.<br \/><br \/>(2) The agreement on commissioned processing pursuant to Art. 28 DSGVO shall enter into force at the same time as the contract specified in more detail under \u00a72 (1) of the commissioned processing contract and shall expire when this contract specified in more detail itself expires. <br \/><br \/>(3) The agreement is issued for regular execution.<\/p>\r\n<p>(4) Within the scope of the fulfillment of the subject matter of the order, the Contractor shall be obliged to carry out the order in compliance with the provisions of this GC Agreement.<span lang=\"de-DE\">all necessary processing steps with regard to the client's data (e.g. duplication of confirmations).<\/span><span lang=\"de-DE\">The client is entitled to use the data (e.g. for loss backup, creation of log files, intermediate files and workspaces) insofar as this does not lead to a change in the content of the client's data.<\/span><\/p>\r\n<h2>\u00a7 3 Place of processing<\/h2>\r\n<p>(1) The provision of the contractually agreed data processing shall generally take place in a member state of the European Union (EU) or in another state party to the Agreement on the European Economic Area (EEA). The Contractor shall nevertheless be permitted to process personal data outside the EEA in compliance with the provisions of this contract (Section 11) if it informs the Client in advance of the place of data processing and the requirements of Art. 44 et seq. GDPR are fulfilled. If the Client does not agree to such data processing, it has the right to object to the data transfer.<\/p>\r\n<h2>\u00a7 4 Scope of application and responsibility<\/h2>\r\n<p>(1) The Contractor shall process personal data on behalf of the Client. Within the scope of this contract, the Client shall be solely responsible for compliance with the statutory provisions of the data protection laws, in particular for the lawfulness of the transfer of data to the Contractor as well as for the lawfulness of the data processing (\"Responsible Party\" within the meaning of Art. 4 No. 7 DSGVO).<br \/><br \/>(2) The instructions shall initially be stipulated by the contract and may thereafter be amended, supplemented or replaced by individual instructions (individual instructions) by the Principal in writing or in an electronic format (text form) to the office designated by the Contractor. Instructions not provided for in the contract shall be treated as a request for a change in performance and shall be documented by the Contractor. Verbal instructions shall be confirmed by the Principal in writing or text form without delay and documented by the Contractor.<br \/><strong>is the contact person for instructions of the Client at the Contractor:<\/strong><br \/><em>Name: Olena Schmitt<\/em><br \/><em>Function: internal data protection officer<\/em><br \/><em>Phone number: +49 931 663 98 39 2<\/em><br \/><em>email address: datenschutz@endereco.de<\/em><\/p>\r\n<h2>\u00a7 5 Obligations of the Contractor as Processor<\/h2>\r\n<p>(1)The Contractor shall process personal data exclusively on the documented instructions of the Client, unless it is legally obliged to process them otherwise. In this case, the Contractor shall notify the Client of these legal requirements prior to processing, unless the law in question prohibits such notification in the public interest.<\/p>\r\n<p class=\"p1\">The Contractor shall ensure that the processing of personal data is carried out in accordance with the Client's instructions. If the Contractor considers an instruction of the Client to be unlawful, in particular with regard to this contract or applicable data protection law, it shall inform the Client immediately. Until clarification or written confirmation by the Client, the Contractor shall be entitled to suspend the corresponding processing.<\/p>\r\n<p class=\"p1\">The parties agree that the responsibility for the legality of the instructions and the processing in accordance with the instructions lies with the Client<br \/><br \/>(2) The Contractor undertakes to organize the internal organization in his area of responsibility in such a way that it meets the special requirements of data protection. He shall take technical and organizational measures for the adequate protection of the Client's data that meet the requirements of the General Data Protection Regulation (Art. 32 DSGVO). The Contractor shall take technical and organizational measures to ensure the confidentiality, integrity, availability and resilience of the systems and services in connection with the Processing on a permanent basis. The Client is aware of these technical and organizational measures and is responsible for ensuring that they provide an adequate level of protection for the risks of the data to be processed. Details of the measures taken by the Contractor in accordance with Art 32 DSGVO to ensure the security of the Processing are listed in Annex 3.<br \/><br \/>(3) The Contractor is obliged to check and adapt the technical and organizational measures taken by it regularly and also on an ad hoc basis for their effectiveness and necessity in accordance with Art. 32 GDPR. The Contractor shall be obliged to adapt the technical and organizational measures listed in Annex 3 in particular if this is necessary for compliance with<br \/>the obligations of this contract. The client must be informed immediately of any significant changes.<br \/><br \/>The Contractor reserves the right to change the security measures taken without separate notification if this does not fall below the contractually agreed level of protection and does not contradict the GDPR. In the standard case, these are improvements to data security through measures in terms of information security, data protection and quality management.<br \/><br \/>(4) The Contractor warrants that the employees involved in the processing of the Client's data and other persons working for the Contractor are prohibited from processing the data outside the scope of the instruction. Furthermore, the Contractor warrants that the persons authorized to process the personal data have committed themselves to confidentiality or are subject to an appropriate statutory duty of confidentiality. The confidentiality\/confidentiality obligation shall continue to exist after termination of the order.<br \/><br \/>(5) To the extent agreed, the Contractor shall support the Client within the scope of its possibilities in fulfilling the requests and claims of data subjects pursuant to Chapter III of the GDPR and in complying with the obligations set out in Art. 32 to 36 GDPR.<br \/><br \/>(6) The Contractor shall inform the Client without undue delay if it becomes aware of violations of the Client's personal data protection or if it becomes aware of circumstances that suggest a violation. The Contractor shall take the necessary measures to secure the data and to mitigate any possible adverse consequences for the persons concerned and shall consult with the Client on this without delay.<br \/><br \/>(7) The Contractor shall ensure that it complies with its obligations under Article 32 (1) d) of the GDPR to implement a procedure for the regular review of the effectiveness of the technical and organizational measures to ensure the security of the Processing.<br \/><br \/>(8) The Contractor shall correct or delete the contractual data if the Client instructs it to do so and this is covered by the scope of instructions. If deletion in conformity with data protection or a corresponding restriction of data processing is not possible, the Contractor shall undertake the destruction of data carriers and other materials in conformity with data protection on the basis of an individual order by the Client or return these data carriers to the Client, unless already agreed in the contract.<br \/><br \/>(9) Data, data carriers and all other materials shall be either surrendered or deleted by the Contractor after the end of the contract at the Client's request analogous to \u00a7 5 para. 8. In the case of test and reject materials, an individual instruction for deletion shall not be required. If additional costs arise as a result of the Principal's deviating, market-unusual requirements for the release or deletion of the data that do not result from applicable data protection law or from the contracts, these shall be borne by the Principal.<br \/><br \/>(10) In the event of a claim against the Customer by a data subject with regard to any claims pursuant to Art. 82 of the GDPR, the Contractor undertakes to support the Customer in defending the claim within the scope of its possibilities.<\/p>\r\n<h2>\u00a7 6 Duties of the AG as the responsible party<\/h2>\r\n<p>(1) The Client as Controller shall ensure that the Processing is carried out in accordance with the principles set out in Chapter II of the GDPR and that the technical and organizational measures taken by the Contractor as Processor (Annex 3) and those measures set out in the Contracts, if any, in addition thereto provide an adequate level of protection, taking into account the nature, scope, circumstances and purposes of the Processing and the varying likelihood and severity of the risks to the rights and freedoms of natural persons.<br \/><br \/>(2) The Customer shall inform the Contractor immediately and in full if it discovers errors or irregularities in the order results with regard to data protection provisions.<br \/><br \/>(3) As the controller, the client is obliged under Art. 32 - 36 GDPR to report all breaches of personal data protection to the supervisory authority and to notify the persons affected by them<\/p>\r\n<p>(4) In the event of a claim against the Contractor by a data subject with regard to any claims pursuant to Art. 82 of the GDPR, Section 5 (10) shall apply accordingly.<br \/><br \/>(5) The Customer shall inform the Contractor of the contact person for data protection issues arising within the scope of the contract.<\/p>\r\n<h2>\u00a7 7 Data Protection Officer of the Contractor<\/h2>\r\n<p>(1) The Contractor confirms that it has appointed a data protection officer in accordance with Art. 37 DSGVO. The Contractor shall ensure that the data protection officer has the required qualifications and expertise. The current contact details are easily accessible on the Contractor's website.<br \/><br \/>The Contractor may provide the Client with the name and contact details of its data protection officer separately in text form upon request.<\/p>\r\n<h2>\u00a7 8 Requests from affected persons<\/h2>\r\n<p>(1) If a data subject approaches the Contractor with requests for correction, deletion or information, the Contractor shall refer the data subject to the Employer, provided that an assignment to the Employer is possible according to the data subject. The Contractor shall forward the request of the person concerned to the Client without delay. The Contractor shall support the Client within the scope of its possibilities upon instruction as far as agreed.<\/p>\r\n<p>(2) In the case of requests from data subjects that cannot be clearly assigned, the contractor undertakes to ask the data subject for further information that serves exclusively to be able to correctly assign the request. The data subject shall be informed of the necessity of this information.<br \/><br \/>(3) Insofar as paragraphs 1 and 2 are fulfilled, the Contractor shall not be liable if the request of the person concerned is not answered by the Client or is not answered properly or on time.<\/p>\r\n<h2>\u00a7 9 Control rights of the customer<\/h2>\r\n<p>(1) The Client shall have the right to monitor the Contractor's compliance with the statutory provisions on data protection and\/or compliance with the contractual provisions made between the Parties and\/or compliance with the Client's instructions at any time to the extent required.<\/p>\r\n<p>(2) The Contractor shall be obliged to provide the Client with information insofar as this is necessary to carry out the inspection within the meaning of Paragraph 1.<\/p>\r\n<p>(3) The Contractor undertakes to support the Client in its audits pursuant to Art. 28 para. 3 sentence 2 lit. h GDPR for compliance with the data protection regulations and the contractual agreements to an appropriate and necessary extent. The Contractor shall provide the Client with all information necessary to prove compliance with the obligations under Art. 28 GDPR, insofar as this is within its area of responsibility and its provision is proportionate. The information shall be provided within a reasonable period of time, usually within 14 days of a written request.<\/p>\r\n<p>(4) The tests shall be carried out by the Client itself or by a third party commissioned by it. If the third party commissioned by the Client is in a direct competitive relationship with the Contractor, the Contractor shall have the right to object to this. Commissioned third parties must be sworn to secrecy by the Client. The Contractor shall have the right to demand the submission of a separate declaration of confidentiality by the commissioned third party. This applies in particular to the submission of declarations of professional or statutory confidentiality. The duty of confidentiality shall cover all information and business secrets obtained during the audit and shall continue to apply after the audit has been completed.<\/p>\r\n<p>An audit can be carried out in particular by obtaining information and inspecting the stored data and data processing programs as well as through other measures. Other measures include requesting certifications, reports on data protection audits and on-site inspections. On-site inspections shall be carried out by the Client with reasonable advance notice (at least 5 working days) during normal business hours. The inspections must be carried out without disrupting operations and in compliance with the security and confidentiality interests of the Contractor and are limited to one inspection per calendar year.<\/p>\r\n<p>As an exception, unannounced inspections are permissible if the PI has given cause for such an inspection due to a breach of contract or law. This may generally be the case if:<br \/>- reasonable suspicion of serious data protection violations<br \/>- Acute danger for data subject rights<br \/>- Suspicion of destruction\/manipulation of evidence<\/p>\r\n<p>The Client must document the specific reason in writing. In the event of unjustified unannounced inspections, the Client shall bear the costs incurred by the Contractor for disruption of operations.<br \/>The Contractor is obliged to facilitate and actively support inspections. This includes, in particular, entering the premises relevant for order processing, providing competent contact persons and access to the necessary documents and systems. The inspection shall be carried out in compliance with the business secrets of third parties, operational security and within reasonable business hours.<\/p>\r\n<p>(5) In the event of measures by the supervisory authority vis-\u00e0-vis the Client within the meaning of Art. 58 of the GDPR, in particular with regard to information and control obligations, the Contractor shall be obliged to provide the Client with the necessary information and to enable the respective competent supervisory authority to carry out an on-site inspection. The Client shall be informed by the Contractor about corresponding planned measures.<\/p>\r\n<p>(6) Subject to deviating provisions, the Contractor may demand additional remuneration for additional expenses incurred by it as a result of the Client's control measures. These shall be calculated according to the actual costs incurred and hourly rates.<\/p>\r\n<h2>\u00a7 10 Subcontractors<\/h2>\r\n<p>(1) Der AG erteilt hiermit seine Zustimmung zur Verarbeitung der Daten durch die Tochtergesellschaft mobilemojo \u2013 Apps & eCommerce UG (haftungsbeschr\u00e4nkt) & Co. KG, als Unterauftragsverarbeiterin, soweit dies f\u00fcr die Leistungserbringung gem\u00e4\u00df des zu Grunde liegenden Hauptvertrages erforderlich ist.<br \/><br \/>(2) All subcontractor relationships of the Contractor already existing at the time of conclusion of the contract are attached to this contract in Annex 2. For the subcontractors listed in Annex 2, approval shall be deemed to have been granted upon conclusion of this contract.<br \/><br \/>The Contractor has entered into agreements with these third parties to the extent necessary to ensure appropriate data protection and information security measures.<br \/><br \/>Before calling in or replacing the subcontractors, the Contractor shall inform the Client in text form. <br \/><br \/>The Client shall grant the Contractor general authorization to make use of other processors within the meaning of Art. 28 GDPR. The Contractor shall inform the Client in advance if it intends to involve or replace subcontractors. The Client may object to such changes. The objection to the intended change must be raised with the Contractor within 2 weeks of receipt of the information about the change.<br \/><strong>is the contact person for the AG at the AN:<\/strong><br \/><em>Name: Olena Schmitt<\/em><br \/><em>Function: internal data protection officer<\/em><br \/><em>Phone number: +49 931 663 98 39 2<\/em><br \/><em>email address: datenschutz@endereco.de<\/em><\/p>\r\n<p>(3) If the Contractor places orders with subcontractors, it shall be incumbent on the Contractor to transfer its data protection obligations under this contract to the subcontractor. The disclosure of personal data of the A<span lang=\"de-DE\">Gs<\/span> to the subcontractor and the subcontractor's initial activities are only permitted once all requirements for subcontracting have been met. In particular, the A<span lang=\"de-DE\">N<\/span>, to transfer its data protection obligations under this contract to the other processor in accordance with Art. 28 para. 4 sentence 1 GDPR.<\/p>\r\n<p>(4) The subcontractors listed in Annex 2 to this contract shall be deemed approved.<\/p>\r\n<h2>\u00a7 11 Transfer to third countries<\/h2>\r\n<p>(1) Data will only be transferred to third countries outside the EU and the EEA on the documented instruction of the controller, provided that the requirements of Art. 44 et seq. of the GDPR are met.<\/p>\r\n<p>(2) Order processing in a third country, including by sub-processors, requires the prior consent of the Client and may only take place if the special requirements of Art. 44 et seq. GDPR are met, unless the Contractor is obliged to process in the third country by the law of the Union or of the Member States to which the Contractor is subject; in such a case, the Contractor shall notify the Client of these legal requirements prior to processing, unless the law in question prohibits such notification on grounds of important public interest (Art. 28 para. 3 sentence 2 lit. a GDPR).<\/p>\r\n<p>(3) Unless otherwise agreed in the contract, processing in a third country shall only be permitted with the prior consent of the Client. The Contractor shall inform the Client in advance which third country(ies) are involved and how the appropriate level of protection within the meaning of Art. 44 ff GDPR is ensured for the processing there.<\/p>\r\n<p>(4) If a transfer of personal data to a third country is required for the provision of individual services and the Client expressly refuses this transfer without an alternative, equivalent technical solution being available within the EU\/EEA, the service in question cannot be provided.<\/p>\r\n<p class=\"p1\">In such a case, the client has no claim to the use of the affected service or to compensation.<\/p>\r\n<p>(5) The Contractor shall provide a contact that the Client can inform affected parties of as the office where the guarantees are available or where a copy of the guarantee can be requested.<\/p>\r\n<h2>\u00a7 Section 12 Duty to provide information, written form clause, choice of law<\/h2>\r\n<p>(1) Should the Client's data at the Contractor be endangered by attachment or seizure, by insolvency or composition proceedings or by other events or measures of third parties, the Contractor shall immediately inform the Client thereof. The Contractor shall immediately inform all persons responsible in this context that the sovereignty and ownership of the data lies exclusively with the Client as the \"responsible party \" within the meaning of the General Data Protection Regulation.<br \/><br \/>(2) Amendments and supplements to this Annex and all of its components - including any warranties of the Contractor - shall require a written agreement, which may also be in an electronic format (text form), and the express indication that it is an amendment or supplement to these Terms and Conditions. This shall also apply to the waiver of this formal requirement.<br \/><br \/>(3) In the event of any contradictions, the provisions of this Annex on data protection shall take precedence over the provisions of the Agreement. Should individual parts of this Annex be invalid, this shall not affect the validity of the rest of the Annex.<br \/><br \/>(4) German law shall apply.<\/p>\r\n<h2>\u00a7 13 Liability and compensation<\/h2>\r\n<p>(1) The Client and the Contractor shall be liable to data subjects under data protection law in accordance with the provision set out in Art. 82 DSGVO. Any liability and compensation provisions that do not comply with data protection law or go beyond this or individual provisions shall be agreed exclusively in the offers and contracts between the Client and the Contractor.<\/p>\r\n<h2>\u00a7 14 Confidentiality and secrecy<\/h2>\r\n<p>(1) Both Parties undertake to maintain basic confidentiality and secrecy with regard to the contents of this Agreement. Exempt from this are statutory disclosure obligations to authorities, in court or criminal proceedings as well as contractual obligations to persons and auditors of both the Principal and the Contractor who undertake to maintain confidentiality vis-\u00e0-vis the Principal or the Contractor or who are subject to a confidentiality obligation, and ultimately also other order processors and affiliated companies for which the present provisions constitute an integral part within the scope of their performance of activities. <!--more--><\/p>\r\n<h2>Annex 1 - Subject of the order<\/h2>\r\n<h3>1. subject of processing<\/h3>\r\n<p>The mission of the A<span lang=\"de-DE\">G<\/span>s to the A<span lang=\"de-DE\">N<\/span> includes:<\/p>\r\n<p style=\"padding-left: 40px;\">(1) Comparison, adaptation, transmission and storage of customer master data directly upon entry (address, e-mail, salutation, telephone, etc.)<br \/>(2) Data check, correction and evaluation of existing data (batch)<\/p>\r\n<h3>2. types of processing<\/h3>\r\n<p>Within the scope of the object of data processing described above, the A<span lang=\"de-DE\">N<\/span> following processing for the A<span lang=\"de-DE\">G<\/span> before:<\/p>\r\n<p style=\"padding-left: 40px;\">(1) Collection and transmission of data entered by customers and employees to Endereco servers<br \/>(2) Comparison of the data entered by customers and employees with the data from address databases (hosted internally by Endereco and\/or externally by our subcontractors)<br \/>(3) Intermediate storage of the data entered by customers and employees on the Endereco servers<br \/>(4) Correction and enrichment of data entered by customers and employees<br \/>(5) Transmission of corrected data back to the A<span lang=\"de-DE\">G<br \/><\/span>(6) The deletion of the data takes place automatically, usually after 30 days.<br \/>(7) Storage of meta-information for each request (time, referrer)<\/p>\r\n<h3>3. purpose of processing<\/h3>\r\n<p>(1) Personal data is processed on the basis of Article 6(1)(f) of the GDPR. The legitimate interests of the controller consist in the prevention of fraud and ensuring a correct data basis for the execution of the respective business processes.<\/p>\r\n<p>(2) The processing from point 2.7 serves the purpose of fraud prevention and the billing of the use of the services of endereco UG.<\/p>\r\n<h3>4. type(s) of personal data<\/h3>\r\n<p>The following types of data are processed as part of the contractual provision of services:<br \/>(1) Personal master data (e.g. postal addresses, salutation)<br \/>(2) Communication data (e.g. telephone, e-mail)<br \/>(3) Contract master data<br \/>(4) Technical data (referrer to the AG's system, time of the request)<\/p>\r\n<h3>5. categories of person concerned<\/h3>\r\n<p>(1) Customers of the AG<\/p>\r\n<hr \/>\r\n<h2>Annex 2 - Subcontractors<\/h2>\r\n<p>For the processing of data on behalf of the Client, the Contractor shall use the services of third parties who process data on its behalf (\"subcontractors\"). These are the following company(ies):<\/p>\r\n<table style=\"width: 100%;\" border=\"1\">\r\n<tbody>\r\n<tr>\r\n<th>Company\/Subcontractor<\/th>\r\n<th style=\"width: 30%;\">Address\/Country\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u00a0 \u00a0\u00a0<\/th>\r\n<th>Order content<\/th>\r\n<\/tr>\r\n<tr>\r\n<td>netcup GmbH<\/td>\r\n<td>\r\n<p>Daimlerstrasse 25,<br \/>76185 Karlsruhe,<br \/>Germany<\/p>\r\n<\/td>\r\n<td>\r\n<p>Hosting of databases for auditing and reporting of customer data<\/p>\r\n<\/td>\r\n<\/tr>\r\n<tr>\r\n<td>mobilemojo \u2013 Apps & eCommerce UG & CO.KG<\/td>\r\n<td>\r\n<p>Balthasar Neumann St. 4B<br \/>97236 Randersacker<br \/>Germany<\/p>\r\n<\/td>\r\n<td><br \/>Subsidiary - development and operation of Endereco software<\/td>\r\n<\/tr>\r\n<tr>\r\n<td>\u00a0<\/td>\r\n<td>\u00a0<\/td>\r\n<td>\u00a0<\/td>\r\n<\/tr>\r\n<tr>\r\n<td>sms77 e.K.<\/td>\r\n<td>\r\n<p>Willestr. 4-6<br \/>24103 Kiel<br \/>Germany<\/p>\r\n<\/td>\r\n<td>Checking phone numbers for validity and reachability. Formatting of phone numbers<\/td>\r\n<\/tr>\r\n<tr>\r\n<td>Post CH Network Ltd.<\/td>\r\n<td>\r\n<p>Wankdorfallee 4<br \/>3030 Berne<br \/>Switzerland<\/p>\r\n<\/td>\r\n<td>Verification of postal addresses in Switzerland<\/td>\r\n<\/tr>\r\n<tr>\r\n<td>Egon srl<\/td>\r\n<td>\r\n<p>Via Monte di Piet\u00e0 19<br \/>20121 MILANO MI<br \/>Italia<\/p>\r\n<\/td>\r\n<td>Hosting and API for the solution for international address validation services<\/td>\r\n<\/tr>\r\n<tr>\r\n<td>Cobisi Research\u2122<\/td>\r\n<td>\r\n<p>Via della Costituzione, 31<br \/>35010, Vigonza (PD)<br \/>Italy<\/p>\r\n<\/td>\r\n<td>Email address verification<\/td>\r\n<\/tr>\r\n<tr>\r\n<td>Melissa Data Ltd.<\/td>\r\n<td>\r\n<p>Cecilia St. 42-44<br \/>50667 Cologne<br \/>Germany<\/p>\r\n<\/td>\r\n<td>Hosting and API for the solution for international address validation services<\/td>\r\n<\/tr>\r\n<tr>\r\n<td>\r\n<p>Linkomat GmbH<\/p>\r\n<\/td>\r\n<td>\r\n<p>Goldschlagstrasse 110\/30, <br \/>1150 Vienna,<br \/>Austria<\/p>\r\n<\/td>\r\n<td>Verification of VAT IDs and company data<\/td>\r\n<\/tr>\r\n<tr>\r\n<td>Optimaize Ltd.<\/td>\r\n<td>\r\n<p>In the upper village 16,<br \/>CH-8602 Wangen near Zurich, <br \/>Switzerland<\/p>\r\n<\/td>\r\n<td>Names API<\/td>\r\n<\/tr>\r\n<tr>\r\n<td>AZ Direct GmbH<\/td>\r\n<td>\r\n<p>Carl-Bertelsmann-Str. 161s,<br \/>33311 G\u00fctersloh <br \/>Germany<\/p>\r\n<\/td>\r\n<td>Verification of customer data including first name, surname and addresses<\/td>\r\n<\/tr>\r\n<tr>\r\n<td>Austrian Post AG<\/td>\r\n<td>\r\n<p>Rochusplatz 1 <br \/>1030 Vienna <br \/>Austria<\/p>\r\n<\/td>\r\n<td>Hosting and API for the solution for address validation of Austrian addresses<\/td>\r\n<\/tr>\r\n<\/tbody>\r\n<\/table>\r\n<h2>\u00a0<\/h2>\r\n<h2>Annex 3 - Organizational and technical measures<\/h2>\r\n<p>As an organization that collects, processes or uses personal data itself or on behalf of others, we must take the technical and organizational measures necessary to ensure compliance with the provisions of data protection laws. Measures are only necessary if their cost is in reasonable proportion to the intended protective purpose.<\/p>\r\n<p>Endereco UG meets this requirement through the following measures:<\/p>\r\n<p><strong>1. confidentiality according to Art. 32 para. 1 lit. b DSGVO<\/strong><\/p>\r\n<p><strong>1.1 Access control<\/strong><br \/>The following measures have been taken to prevent unauthorized persons from accessing the data processing equipment with which personal data are processed or used:<\/p>\r\n<p><strong>Technical measures:<\/strong><br \/>- manual locking system<br \/>- Security locks<\/p>\r\n<p><strong>Organizational measures:<\/strong><br \/>- Key arrangement (handing over of keys etc.)<br \/>- Visitors accompanied by employees<br \/>- Careful selection of cleaning personnel<br \/>- Other: The contracts with our hosting subcontractors regulate access controls to the servers and offices in the enclosed TOMs.<\/p>\r\n<p><br \/><strong>1.2 Access control<\/strong><br \/>The following measures have been taken to prevent unauthorized third parties from using the data systems:<\/p>\r\n<p><strong>Technical measures:<\/strong><br \/>- Login with username + password<br \/>- Automatic desktop lock<br \/>- no transmission of data via unencrypted connections<br \/>- Encryption of the data backup systems<br \/>- Use of intrusion detection systems (Cloudflare)<br \/>- Use of anti-virus software<br \/>- Encryption of data carriers in laptops\/notebooks<br \/>- Use of a software firewall<\/p>\r\n<p><strong>Organizational measures:<\/strong><br \/>- Manage user permissions<br \/>- Central password assignment<br \/>- Secure Password Policy<br \/>- Delete \/ Destroy Policy<br \/>- Clean desk policy<br \/>- Manual desktop lock\" instructions<br \/>- Mobile Device Policy<\/p>\r\n<p><br \/><strong>1.3 Access control<\/strong><br \/>The following measures have been taken to ensure that those authorized to use a data processing system can only access the data subject to their access authorization, and that personal data cannot be read, copied, modified or removed without authorization during processing, use and after storage:<\/p>\r\n<p><strong>Technical measures:<\/strong><br \/>- Logging of accesses to applications, especially when entering, changing and deleting data<br \/>- Use of document shredders (level P5)<br \/>- Secure storage of data media<br \/>- Encryption of data carriers<\/p>\r\n<p><strong>Organizational measures:<\/strong><br \/>- Authorization concept<br \/>- Management of rights by system administrator<br \/>- Regular review and updating of access rights (especially when employees leave the company or similar)<br \/>- Secure Password Policy<\/p>\r\n<p><strong>1.4 Separation control<\/strong><br \/>The following measures have been taken to ensure that data collected for different purposes can be processed separately:<\/p>\r\n<p><strong>Technical measures:<\/strong><br \/>- There is a software separation of the data of the individual customers<br \/>- Development, test and production data are strictly separated<br \/>- Development, test and production systems are strictly separated<br \/>- Endereco uses different domains and SSL certificates for test and production systems<\/p>\r\n<p><strong>Organizational measures:<\/strong><br \/>- Control via authorization concept<br \/>- Setting database rights<\/p>\r\n<p><strong>1.5 Pseudonymization (Art. 32 para. 1 lit. a) DSGVO, Art. 25 para. 1 DSGVO)<\/strong><br \/>The processing of personal data shall be carried out in such a way that the data can no longer be attributed to a specific data subject without recourse to additional information, provided that such additional information is kept separately and is subject to appropriate technical and organizational measures:<\/p>\r\n<p><strong>Technical measures:<\/strong><br \/>- Separation\/deletion of assignment data and storage in separate and secured system<br \/>- no access to data by the store operator or licensee<\/p>\r\n<p><strong>Organizational measures:<\/strong><br \/>- Internal instruction to anonymize \/ pseudonymize personal data as far as possible in the event of disclosure or even after expiry of the statutory deletion period.<\/p>\r\n<p><strong>2. integrity (Art. 32 para. 1 lit. b DSGVO)<\/strong><\/p>\r\n<p><strong>2.1 Input control<\/strong><br \/>With the aid of the following measures, it is possible to check and determine retrospectively whether and by whom personal data have been entered into data processing systems, modified or removed:<\/p>\r\n<p><strong>Technical measures:<\/strong><br \/>- Technical logging of the entry, modification and deletion of data<br \/>- Manual or automated control of the logs<\/p>\r\n<p><strong>Organizational measures:<\/strong><br \/>- Overview of which programs can be used to enter, change or delete which data<br \/>- Traceability of input, modification and deletion of data through individual user names (not user groups)<br \/>- Assignment of rights to enter, change and delete data on the basis of an authorization concept<br \/>- Clear responsibilities for deletions<\/p>\r\n<p><br \/><strong>2.2 Transfer control<\/strong><br \/>The following measures ensure that personal data cannot be obtained or accessed by unauthorized persons during transfer (physical and\/or digital):<\/p>\r\n<p><strong>Technical measures:<\/strong><br \/>- Encryption of communication channels (e.g. encryption of e-mail traffic)<br \/>- Encryption of physical data media during transport<br \/>- Safe transport containers<br \/>- Provisioning over encrypted connections such as sftp, https<\/p>\r\n<p><strong>Organizational measures:<\/strong><br \/>- Documentation of the data recipients as well as the duration of the planned transfer or the deletion periods<br \/>- Care in the selection of transport personnel and vehicles<\/p>\r\n<p><strong>3. availability and resilience (Art. 32 (1) (b) GDPR)<\/strong><\/p>\r\n<p><strong>3.1 Availability, recoverability and resilience of the systems<\/strong><br \/>The following measures ensure that the data processing systems used function properly at all times and that personal data is protected against accidental destruction or loss:<\/p>\r\n<p><strong>Technical measures:<\/strong><br \/>- Testing data recovery<br \/>- Regular backups of databases<br \/>- The technical measures for the availability, recoverability and resilience of the systems from the hardware side, are ensured by the TOMs of our subcontractors from the hosting areas.<\/p>\r\n<p style=\"padding-left: 40px;\">\u25e6 Fire and smoke detection systems<br \/>\u25e6 Fire extinguisher server room<br \/>\u25e6 Server room monitoring temperature and humidity<br \/>\u25e6 Server room air-conditioned<br \/>\u25e6 UPS<br \/>\u25e6 RAID system \/ hard disk mirroring<\/p>\r\n<p><strong>Organizational measures:<\/strong><br \/>\u2022 Erstellen eines Backup- & Recoverykonzepts<br \/>- Creation of an emergency plan for internal measures<br \/>- The organizational measures for the availability, recoverability and resilience of the systems from the hardware side, are ensured by the TOMs of our subcontractors from the hosting areas.<\/p>\r\n<p style=\"padding-left: 40px;\">\u25e6 No sanitary connections in or above the server room<br \/>\u25e6 Backup & Recovery-Konzept (ausformuliert)<br \/>\u25e6 Control of the backup process<br \/>\u25e6 Existence of an emergency plan (e.g. BSI IT Grundschutz 100-4)<\/p>\r\n<p><strong>4. procedures for regular review, assessment and evaluation (Art. 32(1)(d) GDPR; Art. 25(1) GDPR)<\/strong><\/p>\r\n<p><strong>4.1 Data protection management<\/strong><\/p>\r\n<p><strong>Technical measures:<\/strong><br \/>- Central documentation of all procedures and regulations on data protection with access for employees according to need \/ authorization (Wiki, Intranet ...)<br \/>- A review of the effectiveness of the technical protective measures is carried out at least once a year.<\/p>\r\n<p><strong>Organizational measures:<\/strong><br \/>- Internal data protection officer<br \/>- Employees trained and committed to confidentiality \/ data secrecy<br \/>- Regular sensitization of employees, at least annually<br \/>- The data protection impact assessment (DSFA) is carried out as required<br \/>- The organization complies with the information obligations according to Art. 13 and 14 DSGVO<br \/>- Formalized process for handling requests for information from data subjects is in place<\/p>\r\n<p><strong>4.2 Incident response management<\/strong><br \/>Support for security breach response<\/p>\r\n<p><strong>Technical measures:<\/strong><br \/>- Use of firewall and regular updating<br \/>- Use of spam filters and regular updating<br \/>- Use of virus scanner and regular updating<br \/>- Intrusion Detection System (IDS)<\/p>\r\n<p><strong>Organizational measures:<\/strong><br \/>- Documented process for detecting and reporting security incidents \/ data breaches (also with regard to reporting obligation to supervisory authority)<br \/>- Documented procedure for handling security incidents<br \/>- Documentation of security incidents and data breakdowns e.g. via ticket system<br \/>- Formal process and responsibilities for following up on security incidents and data breaches<\/p>\r\n<p><strong>4.3 Data protection-friendly default settings (Art. 25 (2) GDPR)<\/strong><br \/>Privacy by design \/ Privacy by default<\/p>\r\n<p><strong>Technical measures:<\/strong><br \/>- No more personal data is collected than is necessary for the respective purpose<br \/>- Simple exercise of the right of withdrawal of the data subject by technical measures<\/p>\r\n<p><br \/><strong>Organizational measures:<\/strong><\/p>\r\n<p><strong>4.4 Order control (outsourcing to third parties)<\/strong><\/p>\r\n<p><strong>Technical measures:<br \/><br \/><\/strong><strong>Organizational measures:<\/strong><br \/>- Prior verification of the safety measures taken by the contractor and their documentation<br \/>- Selection of the contractor under due diligence aspects (especially with regard to data protection and data security)<br \/>- Conclusion of the necessary agreement on commissioned processing or EU standard contractual clauses<br \/>- Written instructions to the contractor<br \/>- Obligation of the contractor's employees to maintain data secrecy<br \/>- Obligation to appoint a data protection officer by the contractor if the obligation to appoint exists<br \/>- Agreement on effective control rights vis-\u00e0-vis the contractor<br \/>- Regulation on the use of additional subcontractors<br \/>- Ensuring the destruction of data after the completion of the order<\/p>\r\n<p>Status: 18.06.2025<\/p>\n\n <div class=\"signatures row\">\n\n <input type=\"hidden\" id=\"invite_hash\" name=\"invite_hash\" value=\"\" \/>\n <input type=\"hidden\" name=\"checksum\" value=\"\" \/>\n <input type=\"hidden\" name=\"esig_nonce\" autocomplete=\"off\" value=\"c5fc9fa447\" \/>\n <input type=\"hidden\" id=\"esig-screen-width\" name=\"esig_screen_width\" value=\"\" \/>\n\n <p class=\"esig-anti-spam\">Leave this empty: <input type=\"hidden\" autocomplete=\"off\" name=\"esig_sp_url\" \/><\/p>\n\n <p>\n <label for=\"legalname\" class=\"esig-visuallyhidden\"> Your legal name <\/label><input type=\"esiglegalname\" required class=\"form-control esig-no-form-integration\" id=\"recipient_first_name\" name=\"recipient_first_name\" value=\"\" placeholder=\"Your legal name\" \/>\n <\/p>\n\n \n\t\t\t<p>\n\t\t\t\t<label class=\"esig-visuallyhidden\">Your email address<\/label><input required type=\"email\" class=\"form-control\" placeholder=\"Your email address\" id=\"esig-sad-email\" name=\"esig-sad-email\" value=\"\"\/>\n\t\t\t<\/p>\n \n <div class=\"col-sm-6\" id=\"signature-wrapper\">\n <div class=\"signature-wrapper-displayonly recipient\" data-rel=\"popup\">\n <span id=\"esig-signature-added rtl-sign-arrow\">\n <img decoding=\"async\" id=\"esig-sign-arrow\" src=\"https:\/\/www.endereco.de\/wp-content\/plugins\/e-signature\/assets\/images\/sign-arrow.svg\" alt=\"Signature arrow sign here\" class=\"sign-arrow rtl-sign-arrow\" width=\"80px\" height=\"70px\" \/>\n <div id=\"signatureCanvas2\" area-label=\"Sign here\" alt=\"Sign here\" class=\"sign-here pad\" height=\"85\"><\/div>\n <input type=\"hidden\" id=\"esig-recipient-signature\" name=\"recipient_signature\" class=\"output\" value=''>\n <\/span>\n <\/div>\n <div id=\"signer-signature\" style=\"display:none\">\n <div id=\"tabs\" class=\"\">\n <div class=\"signature-tab\">\n <article id=\"adopt\">\n <header class=\"ds-title p\">\n <label for=\"full-name\">Please Confirm full name and signature.<\/label>\n <\/header>\n <div class=\"full-name\">\n <div class=\"wrapper\">\n <div class=\"text-input-wrapper\">\n <input id=\"esignature-in-text\" value=\"\" name=\"esignature_in_text\" class=\"esignature-in-text\" maxlength=\"64\" type=\"text\">\n <\/div>\n <\/div>\n <\/div>\n <a href=\"#\" id=\"esig-type-in-change-fonts\" style=\"display:none\">Change fonts<\/a>\n <div class=\"clear-float\"><\/div>\n <\/article>\n <ul>\n <li >\n <a href=\"#tabs-1\" id=\"esig-tab-draw\" class=\"selected sel\">Draw Signature <br \/><\/a>\n <\/li>\n <li >\n <a href=\"#tabs-2\" id=\"esig-tab-type\" class=\"\">Type In Signature<br \/><\/a>\n <\/li>\n <\/ul>\n <\/div> <!-- type signature end here -->\n \n \n <div id=\"tabs-1\">\n <div class=\"signature-wrapper\">\n <span class=\"instructions\">\n Draw your signature with <strong>your mouse, tablet or smartphone<\/strong> <\/span>\n <a href=\"#clear\" id=\"clearSignaturePad\" class=\"clearButton\" style=\"margin-bottom:25px;\">Clear<\/a>\n <canvas id=\"signatureCanvas\" aria-label=\"Sign here\" class=\"sign-here pad\" width=\"410\" height=\"85\"><\/canvas>\n <input type=\"hidden\" name=\"output\" class=\"output\" value='' \/>\n <div class=\"description\">\n I agree that I am <span id=\"esig-iam-draw\"><\/span> and I agree this is a legal representation of my signature for all purposes\n\t\t\t\t\t\tjust the same as a pen-and-paper signature <\/div>\n <button class=\"button saveButton\" data-nonce=\"c5fc9fa447\">Insert Signature<\/button>\n <\/div>\n <\/div>\n \n \n <div id=\"tabs-2\">\n <div>\n <!-- type esignature start here -->\n <div id=\"type-in-signature\">\n <div id=\"esig-type-in-preview\" class=\"pad esig-signature-type-font1\" width=\"450px\" height=\"100px\">\n\n <\/div>\n <div id=\"esig-type-in-controls\">\n <div>\n <div id=\"type-in-text-accept-signature-statement\">\n <label for=\"type-in-text-accept-signature\">\n I agree that I am <span id=\"esig-iam-type\"><\/span> and <span class=\"signature\">\n I understand this is a legal representation of my signature <\/span>\n <\/label>\n <\/div>\n <div>\n <a id=\"esig-type-in-text-accept-signature\" class=\"blue-sub alt button-appme button\" href=\"#\">\n <span class=\"esig-signature-type-add\">Adopt & Sign<\/span>\n <\/a>\n <\/div>\n <\/div>\n <\/div>\n <div class=\"clearfix error\"><\/div>\n\n <\/div>\n\n <\/div>\n\n <\/div>\n\n <\/div>\n <!-- -->\n <\/div>\n <\/div>\n\n\n\n \n \n \n\n\n\n <div id=\"esig-mob-input\"><\/div>\n <span style=\"display:none;\">\n <input type=\"submit\" name=\"submit-signature\" value=\"Submit signature\" \/>\n <\/span>\n\n <\/div>\n\n\n\n <div class=\"audit-wrapper\">\n <!-----------\n\t\t<div class=\"row page-break-before\">\n\t\t\t<div class=\"esig-logo col-sm-8 eisg-rtl-legally-signed\">\n\t\t\t\t<a href=\"\/\/aprv.me\/audit-trail\" target=\"_blank\"><img decoding=\"async\" src=\"https:\/\/www.endereco.de\/wp-content\/plugins\/e-signature\/assets\/images\/legally-signed.svg\" alt=\"WP E-Signature\"\/><\/a>\n\t\t\t<\/div>\n\t\t\t<div class=\"col-sm-4 rtl-site-name\">\n\t\t\t\t<span>endereco - Master Data Quality Experts<\/span>\n\t\t\t\t<a href=\"https:\/\/www.endereco.de\/en\" class=\"esig-sitename\" target=\"_blank\">https:\/\/www.endereco.de\/en<\/a>\n\t\t\t<\/div>\n\t\t<\/div>\n --------------->\n <p style=\"height:50px;\"><\/p>\n \n<link rel='stylesheet' id='esig-theme-style-audit-css' href='https:\/\/www.endereco.de\/wp-content\/plugins\/e-signature\/assets\/css\/audit-trail.css' type='text\/css' media='all' \/>\n\n\n\n<section id=\"audit-trail-wrapper\" class=\"column\">\n <div class=\"audit-trail-container\">\n <div class=\"header\" style=\"margin-bottom: 0 !important; padding-bottom: 0 !important;\">\n <br> <!-- Float layout for web view -->\n <div class=\"row document-info\">\n <div class=\"col left rtl-signature-certificate\">\n <div class=\"caption\" style=\"font-weight: normal;\">Signature Certificate<\/div>\n <div class=\"document-name\"><span>Agreement on commissioned processing pursuant to Art. 28 DSGVO<\/span><\/div>\n <div class=\"subcaption\">\n <span class=\"image-wrapper\"><img decoding=\"async\" style=\"width: 11px; height: 14px;\" src=\"https:\/\/www.endereco.de\/wp-content\/plugins\/e-signature\/assets\/images\/lock.png\" alt=\"Lock icon\"><\/span>\n <span class=\"esig-unique-text\">Unique Document ID: <\/span> <span class=\"esig-unique-id\">b2d8af1611245d8215ee51f1b999a9d838715204<\/span>\n <\/div>\n <\/div>\n <div class=\"col right logo rtl-sign-contracts\" style=\"max-width: 35%; box-sizing: border-box; overflow: visible !important;\">\n <div style=\"max-width: 100%; overflow: visible !important; box-sizing: border-box;\">\n <a href=\"\/\/aprv.me\/audit-trail\" target=\"_blank\" style=\"display: inline-block; max-width: 100%;\">\n <img decoding=\"async\" style=\"max-width: 130px !important; width: 130px !important; height: auto !important; display: block; object-fit: contain;\" src=\"https:\/\/www.endereco.de\/wp-content\/plugins\/e-signature\/assets\/images\/legally-signed.svg\" alt=\"Legally signed using WP E-Signature\">\n <\/a>\n <\/div>\n Build. Track. Sign Contracts. <\/div>\n <div class=\"clearfix\"><\/div>\n <\/div>\n <\/div>\n\n <section class=\"main\">\n \n <div class=\"row history clearfix rtl-clearfix-history\">\n <table class=\"layout display responsive-table\">\n <tbody>\n <tr>\n <td>Timestamp<\/td>\n <td>Audit<\/td>\n <\/tr>\n <tr><td class=\"time\">26. October 2021 15:38 CEST<\/td><td class=\"log\">Agreement on commissioned processing pursuant to Art. 28 GDPR Uploaded by Lena Schmitt - lena@endereco.de IP 93.193.193.1<\/td> <\/tr><tr><td class=\"time\">November 8, 2021 11:23 CEST<\/td><td class=\"log\"> Document owner robert@endereco.de has handed over this document to lena@endereco.de 2021-11-08 11:23:27 - 87.191.228.164<\/td> <\/tr><tr><td class=\"time\">November 16, 2023 12:16 CEST<\/td><td class=\"log\">Carolin Sch\u00f6nwei\u00df - carolin@endereco.de added by Lena Schmitt - lena@endereco.de as a CC'd Recipient Ip: 87.184.57.174<\/td> <\/tr><tr><td class=\"time\">November 17, 2023 9:19 CEST<\/td><td class=\"log\">Carolin Sch\u00f6nwei\u00df - carolin@endereco.de added by Lena Schmitt - lena@endereco.de as a CC'd Recipient Ip: 87.191.228.164<\/td> <\/tr><tr><td class=\"time\">August 26, 2024 9:44 CEST<\/td><td class=\"log\">Carolin Sch\u00f6nwei\u00df - carolin@endereco.de added by Lena Schmitt - lena@endereco.de as a CC'd Recipient Ip: 80.132.175.7<\/td> <\/tr><tr><td class=\"time\">September 5, 2024 11:05 CEST<\/td><td class=\"log\">Carolin Sch\u00f6nwei\u00df - carolin@endereco.de added by Lena Schmitt - lena@endereco.de as a CC'd Recipient Ip: 80.132.175.7<\/td> <\/tr><tr><td class=\"time\">24. January 2025 11:47 CEST<\/td><td class=\"log\">Carolin Sch\u00f6nwei\u00df - carolin@endereco.de added by Lena Schmitt - lena@endereco.de as a CC'd Recipient Ip: 93.193.203.185<\/td> <\/tr><tr><td class=\"time\">24. January 2025 11:58 CEST<\/td><td class=\"log\">Carolin Sch\u00f6nwei\u00df - carolin@endereco.de added by Lena Schmitt - lena@endereco.de as a CC'd Recipient Ip: 93.193.203.185<\/td> <\/tr><tr><td class=\"time\">24. January 2025 12:03 CEST<\/td><td class=\"log\">Carolin Sch\u00f6nwei\u00df - carolin@endereco.de added by Lena Schmitt - lena@endereco.de as a CC'd Recipient Ip: 93.193.203.185<\/td> <\/tr><tr><td class=\"time\">24. January 2025 12:11 CEST<\/td><td class=\"log\">Carolin Sch\u00f6nwei\u00df - carolin@endereco.de added by Lena Schmitt - lena@endereco.de as a CC'd Recipient Ip: 93.193.203.185<\/td> <\/tr><tr><td class=\"time\">24. January 2025 12:17 CEST<\/td><td class=\"log\">Carolin Sch\u00f6nwei\u00df - carolin@endereco.de added by Lena Schmitt - lena@endereco.de as a CC'd Recipient Ip: 93.193.203.185<\/td> <\/tr><tr><td class=\"time\">11 February 2025 13:12 CEST<\/td><td class=\"log\">Carolin Sch\u00f6nwei\u00df - carolin@endereco.de added by Lena Schmitt - lena@endereco.de as a CC'd Recipient Ip: 93.193.192.44<\/td> <\/tr><tr><td class=\"time\">26 March 2025 11:56 CEST<\/td><td class=\"log\">Carolin Sch\u00f6nwei\u00df - carolin@endereco.de added by Lena Schmitt - lena@endereco.de as a CC'd Recipient Ip: 87.184.55.11<\/td> <\/tr><tr><td class=\"time\">7 May 2025 9:54 CEST<\/td><td class=\"log\">Carolin Sch\u00f6nwei\u00df - carolin@endereco.de added by Lena Schmitt - lena@endereco.de as a CC'd Recipient Ip: 87.184.63.5<\/td> <\/tr><tr><td class=\"time\">June 18, 2025 10:54 CEST<\/td><td class=\"log\">Carolin Sch\u00f6nwei\u00df - carolin@endereco.de added by Lena Schmitt - lena@endereco.de as a CC'd Recipient Ip: 80.132.163.79<\/td> <\/tr><tr><td class=\"time\">June 18, 2025 10:57 CEST<\/td><td class=\"log\">Carolin Sch\u00f6nwei\u00df - carolin@endereco.de added by Lena Schmitt - lena@endereco.de as a CC'd Recipient Ip: 80.132.163.79<\/td> <\/tr><tr><td class=\"time\">June 26, 2025 11:31 CEST<\/td><td class=\"log\">Carolin Sch\u00f6nwei\u00df - carolin@endereco.de added by Lena Schmitt - lena@endereco.de as a CC'd Recipient Ip: 80.187.86.209<\/td> <\/tr><tr><td class=\"time\">June 27, 2025 9:26 CEST<\/td><td class=\"log\">Carolin Sch\u00f6nwei\u00df - carolin@endereco.de added by Lena Schmitt - lena@endereco.de as a CC'd Recipient Ip: 80.132.169.89<\/td> <\/tr><tr><td class=\"time\">July 10, 2025 10:56 CEST<\/td><td class=\"log\">Carolin Sch\u00f6nwei\u00df - carolin@endereco.de added by Lena Schmitt - lena@endereco.de as a CC'd Recipient Ip: 80.132.173.102<\/td> <\/tr><tr><td class=\"time\">July 15, 2025 8:08 CEST<\/td><td class=\"log\">Carolin Sch\u00f6nwei\u00df - carolin@endereco.de added by Lena Schmitt - lena@endereco.de as a CC'd Recipient Ip: 93.193.198.245<\/td> <\/tr><tr><td class=\"time\">April 15, 2026 9:00 CEST<\/td><td class=\"log\">Carolin Sch\u00f6nwei\u00df - carolin@endereco.de added by Lena Schmitt - lena@endereco.de as a CC'd Recipient Ip: 93.193.193.1<\/td> <\/tr> <\/tbody>\n <\/table>\n <\/div>\n <\/section>\n\n <div class=\"clearfix\"><\/div>\n <div class=\"footer\">\n <div class=\"row clearfix\">\n <div class=\"col left page-url-qr rtl-weapper\">\n <div class=\"wrapper\">\n <img decoding=\"async\" style=\"width: 90px; height: 90px;\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIQAAACEAQMAAABrihHkAAAABlBMVEX\/\/\/8AAABVwtN+AAAAAXRSTlMAQObYZgAAAAlwSFlzAAAOxAAADsQBlSsOGwAAARlJREFUSImllUF2xDAIQ7kB978lN1D5Ypp2O4rfxB7\/hSNAJiVppG5NdbGpjEzx65lnExLNdO3TAs8bsvPuV+FLIm\/6HSlWqep\/7N8Tkv2MpxbfEwa6NlDVM74nF+u+oNEpa07Irg2lkHd6RpixgVMPTMnO2IBDcfmEpM7hTbBjtRlhS7YIGb2VEtzkI1EKzUg7\/S1K2PZTRqaxJDLt0E7JtqG6JnB1iAnqau5pOyEiF227lTiDIeHeb95XJh7FWiEh2\/uHEpYVZoRzXQEf7y6QkfKN5cZ8bnFGZA\/Inrq+lpF6qJOnlLjTIs+fkst8QuY3VPfbyYkviIzptG9IX59U2VEviFw+1omJL0f1X\/0ycpmnr+m+2Bn5AR00t73rtO0lAAAAAElFTkSuQmCC\" alt=\" Audit trial Qr code \">\n <\/div>\n <\/div>\n <div class=\"col text left pdf-right rtl-weapper-text\">\n This audit trail report provides a detailed record of the online activity and events recorded for this document. <\/div>\n <div class=\"col right\">\n <\/div>\n <div class=\"clearfix\"><\/div>\n <\/div>\n <\/div>\n\n <\/div>\n\n <section class=\"bottom-footer\">\n <div class=\"blog-url pdf-blog-url\"><a href=\"https:\/\/endereco.de\/\">https:\/\/endereco.de\/<\/a><\/div>\n <\/section>\n <\/section>\n\n \n <\/div>\n<input type=\"hidden\" name=\"trp-form-language\" value=\"en\"\/><\/div>\n\n<div id=\"agree-button-tip\" style=\"display:none;\">\n <div class=\"header\">\n <span class=\"header-title\">Agree & Sign Below<\/span>\n <\/div>\n <p>\n Click on \"Agree & Sign\" to legally sign this document and agree to the WP E-Signature <a href=\"#\" data-toggle=\"modal\" data-target=\".esig-terms-modal-lg\" id=\"esig-terms\" class=\"doc-terms\">Terms of Use<\/a>.\n If you have questions about the contents of this document, you can email the <span class=\"hint--bottom hint--rounded hint--bounce\" data-hint=\"lena@endereco.de\"> <a href=\"mailto:lena@endereco.de\"> document owner.<\/a><\/a>\n <\/p>\n<\/div>\n<style type=\"text\/css\">\n .mobile-overlay-bg {\n position: fixed;\n top: 0;\n }\n\n .mobile-overlay-bg-black {\n background: black !important;\n margin: 0 !important;\n padding: 0 !important;\n }\n\n .esig-default-type-sign #tabs-1{\n display: none !important;\n }\n\n .esig-default-type-sign #tabs-2{\n display: block !important;\n }\n\n .esig-default-type-mobile #mobile-type-signature{\n display: block !important;\n }\n\n .esig-default-type-mobile #mobile-draw-signature{\n display: none !important;\n }\n\n<\/style>\n<div class=\"mobile-overlay-bg\" style=\"display:none;\">\n\n <div class=\"overlay-content\">\n <p class=\"overlay_logo\"><img decoding=\"async\" src=\"https:\/\/www.endereco.de\/wp-content\/plugins\/e-signature\/assets\/images\/approveme-whitelogo.svg\" width=\"120px\" height=\"80px\" \/><\/p>\n <a class=\"closeButton\"><\/a>\n\n <div class=\"overlay-content\">\n <p align=\"center\" class=\"doc_title\" id=\"doc_title\"> Document Name: Agreement on commissioned processing pursuant to Art. 28 DSGVO<\/p>\n <p>\n Click on \"Agree & Sign\" to legally sign this document and agree to the WP E-Signature <a href=\"https:\/\/www.approveme.com\/terms-of-use\/\" target=\"_blank\" class=\"doc-terms\">Terms of Use<\/a>.\n <\/p>\n <p> <\/p>\n <p align=\"center\" id=\"esign_click_mobile_submit rtl-submit\">\n <a href=\"#\" class=\"agree-button\" title=\"Agree and submit your signature.\">Agree & Sign<\/a>\n <\/p>\n <\/div>\n <\/div>\n<\/div>\n\n<!-- terms and condition start here -->\n\n<div class=\"modal fade esig-terms-modal-lg\" tabindex=\"-1\" role=\"dialog\" aria-labelledby=\"myLargeModalLabel\" aria-hidden=\"true\" >\n <div class=\"modal-dialog modal-lg\">\n <div class=\"modal-content\">\n <div class=\"modal-header\">\n\n <h4 class=\"modal-title\" id=\"myModalLabel\">Terms of Use<\/h4>\n <button type=\"button\" class=\"close\" data-dismiss=\"modal\"><span aria-hidden=\"true\">\u00d7<\/span><span class=\"sr-only\"><\/span><\/button>\n <\/div>\n <div class=\"modal-body\">\n <h1>Loading ........<\/h1>\n\n <\/div>\n <\/div>\n <\/div>\n<\/div>\n\n\n<!-- mobile signature modal -->\n\n<\/form>","protected":false},"excerpt":{"rendered":"","protected":false},"author":6,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-23915","page","type-page","status-publish","hentry"],"aioseo_notices":[],"acf":[],"_links":{"self":[{"href":"https:\/\/www.endereco.de\/en\/wp-json\/wp\/v2\/pages\/23915","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.endereco.de\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.endereco.de\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.endereco.de\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.endereco.de\/en\/wp-json\/wp\/v2\/comments?post=23915"}],"version-history":[{"count":0,"href":"https:\/\/www.endereco.de\/en\/wp-json\/wp\/v2\/pages\/23915\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.endereco.de\/en\/wp-json\/wp\/v2\/media?parent=23915"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}