GDPR compliance

We make great efforts to comply with the General Data Protection Regulation (GDPR) and continuously implement the measures necessary to ensure GDPR compliance within our company and the Kordiam application.

In fact, we have been subject to the extremely strict German data protection regulations for years, even before the GDPR. Countless lawyers and data protection officers on our customers' side have reviewed and approved both our contractual documents and the way we operate.

Where there was ambiguity, or where a necessary improvement in these aspects was identified, we have made sure to meet the client's requirements by implementing the necessary changes.

Kordiam as your data processor

The GDPR distinguishes between the Controller and the Processor of personal data in a customer-client relationship, such as the one we have with our customers at Kordiam.

You, as our customer, are the Controller and remain the owner of your data, while we process your data and therefore act as your Processor.

What we use your data for

The data you provide to us is primarily entered and used within the Kordiam application by the users in your organisation. We also use personal information to provide support and communication services related to your use of the Kordiam application.

For development and related testing purposes, we anonymize data so that it is no longer considered personal data.

We do not sell any of our customers' data and do not use it in any way unrelated to the task of providing the Kordiam application to our customers.

Main subcontractors

The Kordiam application is hosted within the European Union (EU) at AWS Europe. Our maintenance and operations partner Intetics is also located within the EU.

Hosting

We host at Amazon Web Services (AWS), the world's leading provider of hosting for Software-as-a-Service solutions such as Kordiam.

Our contractual partner is AWS Europe SARL (Luxembourg) and we host exclusively on servers which are located in the EU.

AWS guarantees GDPR compliance for these services. AWS's data security and protection measures have been certified multiple times.

Maintenance and operations

On a day-to-day basis, the application is managed by a dedicated team at our long-term partner Intetics sp. z o.o., based in the EU (Krakow, Poland).

The production system and its data reside only on servers within the EU, and only a small, strictly limited number of members of this team have access to this system.

Related documents

The GDPR requires us to create and update a range of documents, both for our relationship with you, the customer, and for our relationships with our subcontractors.

Kordiam GmbH

Below is a list of documents for your review. Some of them are contracts that need to be signed (or that have been signed with our subcontractors), whereas others are internal documents which we are not legally obliged to make publicly available. We are doing so anyway, even if anonymized or restricted in parts.

The GDPR requires us to have compliant contracts with our subcontractors. As we know that certain data protection officers like to check these contracts, please find below a range of contractual and related documents and links.

Intetics (maintenance and operations)

Amazon Web Services (AWS)