Processing Index for GDPR

Read more ...

One of the requirements of the GDPR is to know which personal data you are collecting, processing, sharing in your organisation. To do that you have to create a Processing Index and you could use our GDPR Tool for that.

Processing index with GDPR Tool

To add or edit your processing activities, recipients, and technical and organisational measures (TOM), you need to have an active subscription to the service.
When your subscription has expired, you can still download the PDFs that you have created.

One of the requirements of the GDPR is to know which personal data you are collecting, processing, sharing in your organisation. To do that you have to create a Processing Index and you could use our GDPR Tool for that.

Processing index with GDPR Tool

Creating a processing index can be a lot of work. Our GDPR Tool will make it easier and faster:

1. We will help you to set up a Processing Index for all your activities in a structured way
2. You will get practical examples from the field that you can easily select (can save you a lot of typing) or you can add your own
3. After you are done, you can download a PDF for your GDPR documentation

Read more ...

Data2.eu was founded by Peter Martin and Sigrid Gramlinger in December 2017. They both knew each other from the international Joomla community for some years. Joomla is an award winning Content Management System to create websites and webapplications, developed and supported by a large international community.

When Sigrid and Peter met again at Joomla World Conference 2017 in Rome (Italy), during dinner they were both discussing the GDPR and its consequences for their businesses. Peter had an idea for a Software as a Service (SaaS) and Sigrid was enthusiastic immediatelly. They decided to team up, worked out the idea and developed the Saas in four months time. 

Software as a Service

Companies and organisations have to comply with the GDPR regarding their processing and storing of personal data. One of the things you need to do to comply, the registration of all processing activities and technical and organisational measures, can be quite a hassle. So we offer a service to make it easier for companies to comply with the GDPR. 

The service “data2.eu” is offered over the internet in the form of Software-as-a-Service by the company data2.eu. The use of data2.eu is subject to the following terms and conditions. Using data2.eu constitutes acceptance of these terms and conditions. Deviations from these terms and conditions is possible only by means of written confirmation by data2.eu.

Article 1. The service

1.1. With the data2.eu GDPR Tool, you can create, print and download step by step your processing index with many examples from different fields of business. You need this to comply with the GDPR.
1.2. To use the data2.eu GDPR Tool, you first need to register. You need to use your real name and your genuine email address. After completing registration, you can directly log into your account. To use the service, you need to add your invoice details, choose and pay a subscription.
1.3. You must secure access to your account using the username and password. In particular you must keep the password strictly confidential. data2.eu may assume that all actions undertaken from your account after logging in with your username and password is authorized and supervised by you. This means you are liable for these actions, unless and until you have notified data2.eu that someone else knows your password.
1.4. data2.eu processes your personal data. You give your consent for all forms of processing within the scope of the service. Consult the privacy statement of data2.eu for more information.

Article 2. Terms of use

2.1. It is not permitted to use data2.eu for any purpose that violates Dutch or other applicable law or regulation. This includes (among others) the storage or transmission of data using the service that is slanderous, libelous or racist.
2.2. Should data2.eu discover that you violate any of the above, or receive a complaint alleging the same, then data2.eu may intervene to end the violation.
2.3. If in the opinion of data2.eu the continued functioning of the computer systems or network of data2.eu or third parties is actually or under threat of being damaged or jeopardized, for example through excessive transmission of e-mail or other data, leaks of personal data or virus activity, data2.eu may take all steps it deems reasonably necessary to end or avert such damage or jeopardy.
2.4. data2.eu is at all times entitled to file a criminal complaint for any offenses committed through or using the service.
2.5. data2.eu may recoup from you all damages it suffers as a result of your violation of these terms of use. You agree and hold harmless data2.eu from all third-party claims arising out of your violation of these terms of use.

Article 3. Availability and maintenance

3.1. data2.eu uses its best efforts to have the service available at all times but makes no guarantees about uninterrupted availability.
3.2. data2.eu actively maintains the website and service https://data2.eu. Maintenance can take place at any time, even if this may negatively impact the availability of the service. Maintenance is announced in advance whenever possible.

3.3. data2.eu may from time to time adapt the Software-as-a-Service . Your feedback and suggestions are welcome but ultimately data2.eu decides which adaptations to carry out (or not).

Article 4. Intellectual property

4.1. The service data2.eu, the accompanying software as well as all information and images on the website is the intellectual property of data2.eu, except for the images that we are using under the Creative Commons license. None of these items may be copied or used without prior written permission of data2.eu, except and to the extent permitted by mandatory law.
4.2. Information you store or process using the service is and remains your property. data2.eu receives a limited license to use this information for the service, including for future aspects thereof. You can cancel this license by removing the information in question and/or terminating the agreement.
4.3. If you send information to data2.eu, for example a bug report or suggestion for improvement, you grant data2.eu a perpetual and unlimited license to use this information for the service. This does not apply to information you expressly mark as confidential.
4.4. data2.eu shall refrain from accessing data you store or transfer using data2.eu, unless this is necessary for a good provision of the service or data2.eu is forced to do so by law or order of competent authority. In these cases data2.eu shall use its best efforts to limit access to the information as much as possible.

Article 5. Compensation for the service

5.1. The use of the data2.eu GDPR Tool is subject to a fee. The fee is dependent on the subscription time which you choose when buying a subscription. The fee must be paid in advance. 
5.2. Payment is possible via online payments for which we use Mollie as payment processor. When you order a subscription on our site, you'll make the payment for the service via our payment processor. We do not receive any information about your bank account, credit card, paypal account or specific details from whatever payment method you choose. The payment processor will only communicate to us which payment method has been chosen and if your payment has been successful or not.
5.3. Because the service is started directly at your express request, a payment cannot be refunded under the Distance Selling Act.

Article 6. Limitation of liability

6.1. Except in case of intentional misconduct or gross negligence the liability of data2.eu shall be limited to the amount paid by you in the three months prior to the moment the cause of the damage occurred.
6.2. data2.eu in no event is liable for indirect damages, consequential damages, lost profits, missed savings or damages through business interruption.
6.3. Damages may only be claimed if reported in writing to data2.eu at most two months after discovery.
6.4. In case of force majeure data2.eu is never required to compensate damages that you suffered. Force majeure includes among others disruptions or unavailability of the internet, telecommunication infrastructure, power interruptions, riots, traffic jams, strikes, company disruptions, interruptions in supply, fires and floods.

Article 7. Term and termination

7.1. This agreement enters into force as soon as you first use the service and then remains in force until terminated.
7.2. If you entered into this agreement as a consumer, you may terminate the agreement at any time with a notice period of one month, calculated from the moment of the notice. Non-consumers can terminate the agreement with a notice period of two months.
7.3. data2.eu is entitled to terminate the agreement if you have not used the service at all in the last 18 months. In such an event data2.eu shall first send a reminder mail to the e-mail address connected to your account.
7.4. You can export the data you stored or processed using the service at any time through the service interface as PDF.

Article 8. Changes to terms

8.1. data2.eu may change or add to these terms and conditions as well as any prices at any time.
8.2. data2.eu shall announce through the service changes or additions at least thirty days before their taking effect.
8.3. If you do not want to accept a change or addition, you can terminate the agreement until the date the changes take effect. Use of data2.eu after the date of effect shall constitute your acceptance of the changed or added-to terms and conditions.

Article 9. Miscellaneous provisions

9.1. Dutch law applies to this agreement.
9.2. Except to the extent determined otherwise by mandatory applicable law all disputes arising in connection with data2.eu shall be brought before the competent Dutch court for the principal place of business of data2.eu.
9.3. For any clause in these terms and conditions that demand that a statement must be done “in writing” to be legally valid, a statement by e-mail or communication through the data2.eu service shall be sufficient provided with sufficient certainty the authenticity of the sender can be established and the integrity of the statement has not been compromised.
9.4. The version of any communication or information as recorded by data2.eu shall be deemed to be authentic, unless you supply proof to the contrary.
9.5. In case any part of these terms and conditions are declared legally invalid, this shall not affect the validity of the whole of the agreement. The parties shall in such an event agree on one or more replacement provisions that approximate the original intent of the invalid provision(s) within the limits of the law.
9.6. data2.eu is entitled to transfer its rights and obligations under this agreement to a third party as part of an acquisition of data2.eu or the associated business activities.

1. An overview of data protection 

General

The following gives a simple overview of what happens to your personal information when you visit our website. Personal information is any data with which you could be personally identified. Detailed information on the subject of data protection can be found in our privacy policy found below.

Data collection on our website

Who is responsible for the data collection on this website?

The data collected on this website are processed by the website operator. The operator's contact details can be found in the website's required legal notice.

How do we collect your data?

Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.

Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.

What do we use your data for?

Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.

What rights do you have regarding your data?

You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.

Analytics and third-party tools

When visiting our website, statistical analyses may be made of your surfing behavior on our website. This happens primarily using cookies and analytics. The analysis of your surfing behavior is usually anonymous, i.e. we will not be able to identify you from this data. You can object to this analysis or prevent it by using certain tools. Detailed information can be found in the following privacy policy. We will inform you below about how to exercise your options in this regard.

2. General information and mandatory information

Data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy.

If you use this website, various pieces of personal data will be collected. Personal information is any data with which you could be personally identified. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens.

Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.

Notice concerning the party responsible for this website

The party responsible for processing data on this website is:

Peter Martin & Sigrid Gramlinger-Moser
data2.eu
Galiciestraat 35
6663 NR Lent

Telephone: +31 (0) 644214500
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).

Revocation of your consent to the processing of your data

Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

Right to file complaints with regulatory authorities

If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities: https://autoriteitpersoonsgegevens.nl/

Right to data portability

You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.

TLS encryption

This site uses TLS encryption (Formerly known as SSL) for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.

If TLS encryption is activated, and you have checked that the certificate is ours, then the data you transfer to us cannot be read by third parties.

Encrypted payments on this website

If you enter into a contract which requires you to send us your payment information (e.g. account number for direct debits), we will require this data to process your payment.

Payment transactions using common means of payment (Visa/MasterCard, direct debit) are only made via encrypted SSL or TLS connections. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon in your browser line is visible.

In the case of encrypted communication, and you have checked that the certificate is ours, any payment details you submit to us cannot be read by third parties.

Information, blocking, deletion

As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.

Opposition to promotional emails

We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.

3. Data collection on our website

Cookies

Some of our web pages use cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain in your device's memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

Cookies which are necessary to allow electronic communications or to provide certain functions you wish to use are stored pursuant to Art. 6 paragraph 1, letter f of GDPR. The website operator has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors. If other cookies (such as those used to analyze your surfing behavior) are also stored, they will be treated separately in this privacy policy.

Server log files

The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:

• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address

These data will not be combined with data from other sources.

The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

Contact and Support form

Should you send us questions via the contact or support form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.

We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) GDPR. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.

Registration on this website

You can register on our website in order to access additional functions offered here. The input data will only be used for the purpose of using the respective site or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration.

To inform you about important changes such as those within the scope of our site or technical changes, we will use the email address specified during registration.

We will process the data provided during registration only based on your consent per Art. 6 (1)(a) GDPR. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

We will continue to store the data collected during registration for as long as you remain registered on our website. Statutory retention periods remain unaffected.

Processing of data (customer and contract data)

We collect, process, and use personal data only insofar as it is necessary to establish, or modify legal relationships with us. This is done based on Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract. We collect, process and use your personal data when accessing our website (usage data) only to the extent required to enable you to access our service or to bill you for the same.

Collected customer data shall be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.

Data transmitted when entering into a contract with online service

We transmit personally identifiable data to third parties only to the extent required to fulfill the terms of your contract, for example, to companies entrusted to deliver goods to your location or banks entrusted to process your payments. Your data will not be transmitted for any other purpose unless you have given your explicit permission to do so. Your data will not be disclosed to third parties for advertising purposes without your explicit consent.

The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

Data transferred when signing up for services and digital content

We transmit personally identifiable data to third parties only to the extent required to fulfill the terms of your contract with us, for example, to banks entrusted to process your payments.

Your data will not be transmitted for any other purpose unless you have given your explicit permission to do so. Your data will not be disclosed to third parties for advertising purposes without your explicit consent.

The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

4. Analytics and advertising

Google Analytics

This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

Google Analytics cookies are stored based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.

IP anonymization

We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

Browser plugin

You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

Objecting to the collection of data

You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics.

For more information about how Google Analytics handles user data, see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Outsourced data processing

We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements of the EU data protection authorities when using Google Analytics.

5. Newsletter

Newsletter data

If you would like to receive our newsletter, we require your name and a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. We store your IP address as technical measure to protect our service. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.

We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1) (a) GDPR. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the "unsubscribe" link in the newsletter. The data processed before we receive your request may still be legally processed.

The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted. Data we have stored for other purposes (e.g. email addresses for the members area) remain unaffected.

6. Plugins and tools

YouTube

Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.  If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited. If you're logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account. YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR. Further information about handling user data, can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy.

7. Payment service providers

Mollie

Our website accepts payments via payment processor Mollie. The payment provider is Mollie B.V., Keizersgracht 313, 1016 EE, Amsterdam, Netherlands.

If you select payment via the payment methods that we currently offer (iDEAL, Bancontact, SOFORT Banking, Overboeking, PayPal, Bitcoin, KBC/CBC Payment Button, Belfius Direct Net), the payment data you provide will be supplied to those payment gateways based on Art. 6 (1) (a) (Consent) and Art. 6 (1) (b) GDPR (Processing for contract purposes). You have the option to revoke your consent at any time with future effect. It does not affect the processing of data previously collected.

PayPal

Our website accepts payments via PayPal. The provider of this service is PayPal (Europe) S.à.r.l & Cie, S.C.A. (22-24 Boulevard Royal, L-2449 Luxembourg.

If you select payment via PayPal, the payment data you provide will be supplied to PayPal based on Art. 6 (1) (a) (Consent) and Art. 6 (1) (b) GDPR (Processing for contract purposes). You have the option to revoke your consent at any time with future effect. It does not affect the processing of data previously collected.

Peter Martin & Sigrid Gramlinger-Moser
data2.eu
Galiciestraat 35
6663 NR Lent
Netherlands

Contact:

Telephone: +31 (0) 644214500
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Register entry:

data2.eu is a tradename of Coöperatie data2.eu U.A.
Entry in the Handelsregister (Netherlands)
Registering court: KvK Gelderland-Zuid
Registration number: 71624163

VAT:

VAT Id number: NL858788081B01

Responsible for contents:

Sigrid Gramlinger-Moser
Hans Pettenauer-G. 6/6
A-3400 Klosterneuburg
Austria

and

Peter Martin
Galiciestraat 35
6663 NR Lent
The Netherlands

Dispute resolution

The European Commission provides a platform for online dispute resolution (OS): https://ec.europa.eu/consumers/odr.

Liability for Contents

As service providers, we are liable for own contents of these websites. However, service providers are not obligated to permanently monitor submitted or stored information or to search for evidences that indicate illegal activities.

Legal obligations to removing information or to blocking the use of information remain unchallenged. In this case, liability is only possible at the time of knowledge about a specific violation of law. Illegal contents will be removed immediately at the time we get knowledge of them.

Liability for Links

Our offer includes links to external third party websites. We have no influence on the contents of those websites, therefore we cannot guarantee for those contents. Providers or administrators of linked websites are always responsible for their own contents.

The linked websites had been checked for possible violations of law at the time of the establishment of the link. Illegal contents were not detected at the time of the linking. A permanent monitoring of the contents of linked websites cannot be imposed without reasonable indications that there has been a violation of law. Illegal links will be removed immediately at the time we get knowledge of them.

Copyright

Contents and compilations published on these websites by the providers are subject to Dutch copyright laws. Reproduction, editing, distribution as well as the use of any kind outside the scope of the copyright law require a written permission of the author or originator. Downloads and copies of these websites are permitted for private use only.
The commercial use of our contents without permission of the originator is prohibited.

Copyright laws of third parties are respected as long as the contents on these websites do not originate from the provider. Contributions of third parties on this site are indicated as such. However, if you notice any violations of copyright law, please inform us. Such contents will be removed immediately