As a processor, we have a high interest in handling confidential information and personal data in accordance with data protection requirements. This also includes the protection of rights, in particular the processing and fulfillment of requests from data subjects. Due to legal obligations, all requests from data subjects must be answered and fulfilled by the data controller within four weeks. Requests are forwarded to our data protection team and reviewed according to established processes. Before you receive a request we receive, it is pre-qualified by us.

The high integrity interests of our customers also include the handling of data privacy and security incidents. Due to the legal obligation to report all data protection incidents to the competent supervisory authority within 72 hours if the data protection incident is likely to result in a risk to the rights and freedoms of natural persons, a swift, structured review of security incidents is important and you will be informed without delay. Potential breaches can be detected by the information security structures or reported to and reviewed in detail by the information security and data protection team through the designated internal processes. In this way, we also review supposedly insignificant incidents and regularly train our employees on data privacy and IT security compliance.

contentbird provides comprehensive data protection information for the Content Marketing Suite. The information has a modular structure, its content is based on the booked product scope and is regularly updated by contentbird. According to the DSGVO, the information obligations under data protection law are the responsibility of the customer company (responsible party in the sense of Art. 4 No. 7 DSGVO). Our customers use their own privacy policy. Please contact our Customer Service at support@contentbird.io

contentbird has established comprehensive security measures. Special technical and organizational precautions have been taken for the home and mobile office area to ensure data protection and data security. The work devices are additionally equipped with a Virtual Private Network (VPN) and encrypted. Customer data is only kept in the data centers, access to the software is via https, access at system level by administrators is only possible for selected administrators via VPN. Special work guidelines exist for the home/mobile office area.

The scope of the processing of personal data mainly results from the description of processed data categories(contract for commissioned processing Operations and Trusted Content Software),(contract for commissioned processing Convert Software). Special categories of personal data are also covered in the annex to our Contract for Commissioned Data Processing. The data categories described in the GCU are therefore "broad".

A description of the technical and organizational measures (TOMs for short) can be found in Appendix A to our contract for commissioned processing (Contract for Commissioned ProcessingOperations and Trusted Content Software),(Contract for Commissioned Processing Convert Software). To demonstrate compliance with and further development of these measures, contentbird conducts regular internal audits and reviews in addition to a data protection and information security management system (DSMS/ISMS).

contentbird provides all services related to the Content Marketing Suite as an order processor, unless personal data is expressly processed for its own business purposes and may be processed legitimately. According to Art. 4 No. 7 DSGVO, the person responsible for data protection in the context of the use of the contentbird Content Marketing Suite is the customer company. In addition, processors (contentbird) are also data controllers within the meaning of the DSGVO, for example with regard to their own subcontractors or processing for their own business purposes

It is important to us that our subcontractors meet adequate security standards. Thus, we pay particular attention to compliance with the DSGVO in the context of contract processing and additionally to common security standards, such as certification according to ISO 27001.
Our data centers provide us with housing services, i.e. they provide us with power, rack space and Internet, including firewalls, load balancers and secure SSL certificates. Maintenance and installation of hardware and software is done by contentbird. The used data centers are checked and audited by contentbird in regular intervals. The data centers are an unconditional contractual component of the service and order processing, without which we cannot provide our products. Currently, data centers of the following providers are used:

• Amazon Frankfurt
• EMC HostCo GmbH
• Hetzner Online GmbH
  ‍

You can find the proofs and certifications of our subcontractors here:

• ISO certificate and proofs Amazon
• ISO certificate and proofs EMC HostCo
• ISO Certificate Hetzner Online GmbH

‍

‍

contentbird uses Intercom as a tool to process support requests. In our relationship with Intercom, we consider ourselves to be the responsible party within the meaning of data protection laws. Thus, Intercom is not a subcontractor in the sense of order processing. We base the use of Intercom in the context of support and thus the transfer of our customers' data (specifically, the business mail address of the user making the request) on the legitimate interest pursuant to Art. 6 (1) lit. f DSGVO. Alternatively, it is possible to contact the direct contact persons with a request, e.g. by e-mail. Intercom stores data in the USA.

Training and committing employees to the confidentiality of personal data and customer information is part of both onboarding and offboarding as well as data protection and information security management at contentbird. To this end, we regularly conduct internal data protection and awareness trainings focusing on data protection and information security. Our experts in the field are available to all colleagues as contact persons.

‍

In the event of a failure, a restore can usually take place immediately or on the same day. Files, databases and complete hard disks are backed up. There is redundant mirroring of the productive environment, so that even in the event of a failure of one data center, productive operation can be started up in another data center. Backups are geo-redundantly stored on encrypted data carriers. Restore tests are performed on a random basis. Backups are monitored and verified.

‍

In order to meet the legal requirements for data deletion, a global deletion concept was established at the process and product level. One focus is thus on the contentbird products, which, in order to meet the requirements of "privacy by design", contain implementations for data deletion. An essential component is the deletion of subscriber data, which can be deleted by the responsible party according to operational requirements. contentbird recommends that the retention period for subscriber data be set at six months.

We are happy to provide our customers with the information for the legally obligatory directory of processing activities upon request. However, the description of contentbird's processing activities with regard to commissioned processing does not replace the controller's obligation to include the processing in its own directory.

Within the interactive formats in the Convert module, it is possible to activate so-called "social share buttons" (XING, LinkedIn, Facebook, etc.). The buttons are not plugins of the social networks. Unless expressly specified, only external links are used. This means that data is only transmitted to the social networks when the website user clicks on the link.

für das Tippspiel wird im Local Storage für die automatische Anmeldung ein Anmelde-Token contilla-webapp-sportsbet-<KampagnenID>-token gesetzt. Die interaktiven Grafiken nutzen den Local Storage für bereits besuchte Hotspots.

The interactive content formats are integrated into the client's website by the client and are the client's responsibility.

contentbird Convert records the use of the played formats through automated and/or interaction-related messages to the delivering server (usually delivery.contentbird-convert.com; however, this can be configured differently on customer request to another subdomain on contentbird-convert.com or other domains owned by contentbird GmbH).

Among other things, the information collected allows conclusions to be drawn about the time of execution in the client browser, the use of content offered (for example, opening hotspots, displaying and clicking on inserted advertising spaces ("banners"), etc.), the progress within the timeline, and the total running time of the format. No personal information is collected in this context. Thus, no conclusions can be drawn about the user or the browser/computer used.

The raw data collected in this way is processed for use by the customer, aggregated in terms of time and event groups. This means that customers cannot perform individual analyses of individual end-user interactions. Customers do not have access to the raw data collected.

‍

The system history logs access attempts to the Content Operations Suite as well as modifying operations on records.

At contentbird, all hosting is "Made in Germany". Our certified data centers AWS in Frankfurt, as well as EMC HostCo GmbH and Hetzner Online GmbH offer the highest security standards for the storage and availability of your data. The fulfillment of the requirements of ISO 27001 is confirmed by EY CertifyPoint.

For contentbird, the protection and confidentiality of your data is of particular importance. Click here for the privacy policy of contentbird products.

‍

The Content Marketing Suite from contentbird offers you the possibility to work DSGVO-compliant.

Read here the terms of use of contentbird GmbH for the use of contentbird's Content Marketing Suite.

You can download our contracts for order processing(Contract for order processing Operations and Trusted Content Software),(Contract for order processing Convert Software) here directly for filling out. Please send the signed contract to: support@contentbird.io

‍