GDPR compliance
We take great effort to comply with the General Data Protection Regulation (GDPR) and continuously implement necessary measures to ensure GDPR compliance within our company and the Kordiam application.
In fact, we have been subject to the extremely strict German data protection regulations for years, even before the GDPR. Countless lawyers and data protection officers on our customers' side have reviewed and approved both our contractual documents and the way we operate.
In cases of ambiguity, or where a necessary improvement in these areas was identified, we have made sure to meet the client's requirements by implementing the necessary changes.
Kordiam as your data processor
The GDPR distinguishes between the Controller and the Processor of personal data in a customer-client relationship, such as the one we have with our customers at Kordiam.
You, as our customer, are the Controller and remain the owner of your data, while we process your data and therefore act as your Processor.
What we use your data for
The data you provide to us is primarily entered and used within the Kordiam application by the users in your organisation. We also use personal information to provide support and communication services which are related to your use of the Kordiam application.
For development and related testing purposes we anonymize data so that it is no longer considered as personal data.
We do not sell any of our customers' data and do not use it in any way unrelated to the task of providing the Kordiam application to our customers.
Main subcontractors
The Kordiam application is hosted within the European Union (EU) at AWS Europe. Our maintenance and operations partner Intetics is also located within the EU.
Hosting
We host at Amazon Web Services (AWS), the world's leading provider of hosting for Software-as-a-Service solutions such as Kordiam.
Our contractual partner is AWS Europe SARL (Luxembourg) and we host exclusively on servers which are located in the EU.
AWS guarantees GDPR compliance for these services. AWS's data security and protection measures have been certified multiple times.
Maintenance and operations
On a day-to-day basis, the application is managed by a dedicated team based in the EU (Krakow, Poland) at our long-term partner Intetics sp. z o.o.
The production system and its data reside only on servers within the EU, and only a small, strictly limited number of members of this team have access to this system.
Related documents
The GDPR requires us to create and update a range of documents both for our relationship with you, the customer, as well as with our subcontractors.
Kordiam GmbH
Below is a list of documents for your review. Some of them are contracts that need to be signed (or that have been signed with our subcontractors), whereas others are internal documents which we are not legally obliged to make publicly available, but we are doing so anyway, even if anonymized or restricted in parts.
- Data Processing Agreement (DPA; can be signed electronically here)
This document is an annex to the main Kordiam Agreement and needs to be signed by both parties.
- Technical and Organisational Measures (TOMs)
Annex to the Data Processing Agreement referring to Art. 32 GDPR.
- Record of Processing Activities
A high-level description of the processes we as a processor are handling for our customers, the controllers (Art. 30 (2) GDPR).
The GDPR requires us to have compliant contracts with our subcontractors. As we know that certain data protection officers like to check these contracts, please find below a range of contractual and related documents and links.
Intetics (maintenance and operations)
- ISO27001 certificate
Intetics' development centers have been certified according to this standard.
- Data Protection Agreement between Desk-Net and Intetics
- Intetics - Technical and Organisational Measures (TOMs)
- Record of Processing Activities - Processor
A document outlining the processes related to personal data that Intetics handles for Kordiam (Art. 30 (2) GDPR).
Amazon Web Services (AWS)
- AWS ISO27001 Certificate
- More comprehensive information on AWS' ISO27001 and the related ISO27018 certifications.
- Comprehensive information by AWS about European Data Protection