Data Protection Agreement
We provide maximum protection for your data
This agreement is between
Data Processor or FakeScouts: FakeScouts GmbH, a company registered in Germany and headquartered at Beethovenstr. 5, 58452 Witten, Germany.
Data Controller: a person or company that controls the personal data processed using the FakeScouts Services.
Website: Fakescouts.com and any of its subdomains.
Service or Services: all content, services, and products available at or through the Website, including, but not limited to, verifying email addresses using the FakeScouts Website or API.
API: Automated application programming interface to connect the FakeScouts Services with other websites, servers, or applications.
Personal Data: any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
Data Subject: an individual to whom Personal Data relates.
Data Processing: processing of data on behalf of the Data Controller.
GDPR: General Data Protection Regulation (EU) 2016/679
Nature, purpose, and subject of Data Processing
Data processing aims first to invite and then verify the identity of a partner, business, or person. The data controller triggers the invitation process with an email template through the FakeScouts platform. The verification process happens in an online, partly automated system. The subject matter of the contract is inviting business partners to use the FakeScouts platform.
Type of Personal Data
For the invitation of new business partners, FakeScouts requires the email address only as contact data.
Categories of Data Subject
Data Subjects may fall into any of the following categories: customers, potential customers, subscribers, employees, suppliers, sales agents, contact persons, or any other types.
It is agreed that by signing this Data Protection Agreement, any previous Data Protection Agreements between the Data Controller and Data Processor are terminated with immediate effect. Nothing within this contract relieves the Data Processor nor the Data Controller of its direct responsibilities and liabilities under the GDPR.
The Data Processor processes a large amount of Personal Data. Therefore it has appointed a data protection officer: Mr. Thorsten Hunsicker (contact DPO: firstname.lastname@example.org).
The Data Processor provides the Data Controller with whatever information it needs to ensure they both meet the obligations under GDPR. The Data Controller is responsible for maintaining Data Subjects’ rights. The Data Processor assists the Data Controller allowing Data Subjects to exercise their rights.
The Data Processor ensures that people accessing the Personal Data are subject to a duty of confidence. The Data Processor may not use sub-processors without the prior written authorization of the Data Controller.
The Data Processor will keep all Personal Data confidential and not disclose such data to third parties unless it has been authorized by the Data Controller or is required by law.
Cross Border Transfer of Personal Data
The Data Processor stores Personal Data on its servers in the European Union.
Security of Processing
The Data Processor takes appropriate measures to ensure the security of Data Processing. The Data Processor provides SSL protection on all its Website. The Data Processor does not store Personal Data processed through single API calls. Servers that process or store raw data are accessible through the Data Processor’s own virtual private platform only.
The data is processed automatically on the Data Processor’s servers, without human interaction. In case the Data Processor needs to investigate a complaint, the Data Processor might process or re-process data through its system. The Data Processor makes sure the colleagues are vetted and trained before allowing them to complete any review. This review happens in a safe environment, and all files are deleted after the review process analysis.
From time to time, the Data Processor might use contractors to develop its Services. These contractors must expressly agree not to use data other than requested explicitly by the Data Processor. All employees and contractors of the Data Processor accessing Personal Data are required to sign a non-disclosure agreement. The Data Processor completes data protection impact assessments at least once a year and takes necessary actions to improve data security if any improvement areas are found.
Deletion of Personal Data
The Data Processor does not store any original files. The Data Controller may delete their data records at any time.
Personal Data processed using real-time API are not stored at all by the Data Processor.
Personal Data Breach
The Data Processor will notify the Data Controller about any Personal Data breaches – including but not limited to accidental or unlawful access or disclosure – within 72 hours of becoming aware of the offense.
The Data Processor shall not be liable for any of the Data Controller’s claims, damages, losses, expenses, costs, or other liability in the event of Personal Data breach or loss under any circumstances.
The Data Processor agrees to coordinate with supervisory authorities.
Instructions and Logs
The Data Controller must instruct the Data Processor to process Personal Data. The Data Processor will process as and when the Data Controller instructs. The Data Processor provides a fully automated system where the Data Controller can initiate Data Processing.
- When the Data Controller manually uploads Personal Data in a file, the Data Controller must click on a button to start/initiate the invitation process.
- Files containing Personal Data uploaded using bulk API may be started automatically, depending on the system provided.
- Personal Data processed using real-time API is handled automatically.
The Data Processor keeps logs of all activities. Such as but not limited to file upload or successful API calls.
Either party may terminate this agreement by giving each other 1 week of notice in writing. If both parties agree to a new Data Protection Agreement, it is effective immediately after the signature.
This agreement and any dispute or claim arising out of or in connection with it shall be governed by the court’s law in Witten, Germany.
FakeScouts GmbH is a company registered in Germany and headquartered at Beethovenstr. 5, 58452 Witten, Germany.