Personal Data and General Confidentiality Agreement

Personal Data and General Confidentiality Agreement

SyncSEO – AvoTech GmbH, Reutlingen, Germany

Last Updated: 12.12.2024

This Personal Data and General Confidentiality Agreement ("Agreement") is entered into between SyncSEO, a subsidiary of AvoTech GmbH, located in Reutlingen, Baden-Württemberg, Germany ("Company"), and the Customer, Partner, or any Third Party ("Party") who has access to confidential information and personal data through the services provided by SyncSEO.

This Agreement outlines the obligations and responsibilities regarding personal data protection, confidentiality, and compliance with applicable laws, including GDPR (General Data Protection Regulation) and German data protection laws.

1. Definitions

1.1 Company: SyncSEO, a subsidiary of AvoTech GmbH, offering hosting, IT, and cybersecurity solutions.
1.2 Confidential Information: Any data, records, intellectual property, business strategies, or other non-public information disclosed in the course of business.
1.3 Personal Data: Any information that identifies an individual, as defined under GDPR and German data protection laws.
1.4 Data Controller: The entity that determines the purpose and means of processing personal data.
1.5 Data Processor: The entity that processes personal data on behalf of the Data Controller.
1.6 Third Party: Any entity other than SyncSEO and the Customer that may process or access confidential information.

2. Purpose of the Agreement

2.1 This Agreement governs the handling of personal data and confidential information exchanged between the Company and the Party.
2.2 The Company and the Party agree to comply with GDPR, the German Federal Data Protection Act (BDSG), and all other applicable regulations to ensure data privacy and security.

3. Data Protection and GDPR Compliance

3.1 Lawful Processing:

• The Company shall only process personal data lawfully, fairly, and transparently, in compliance with Article 6 of the GDPR.
• Personal data shall be processed only for specified and legitimate purposes.

3.2 Data Security Measures:

• The Company shall implement appropriate technical and organizational security measures to protect personal data against unauthorized access, loss, or misuse, as per Article 32 of the GDPR.
• These measures include encryption, pseudonymization, regular security audits, and access controls.

3.3 Confidentiality of Personal Data:

• The Party shall not disclose or share any personal data with unauthorized third parties.
• Any processing of personal data must be carried out only for the agreed purpose and with appropriate safeguards.

3.4 Data Retention & Deletion:

• Personal data will be retained only for the necessary duration required by law or as agreed.
• Upon termination of the contractual relationship, the Company shall delete or anonymize all personal data, unless legal obligations require retention.

4. Confidentiality Obligations

4.1 Non-Disclosure of Confidential Information:

• The Party agrees to maintain the strict confidentiality of all confidential information disclosed by SyncSEO.
• The Party shall not copy, distribute, or disclose confidential information without prior written consent.

4.2 Permitted Use:

• Confidential information shall be used only for the purpose of providing services and shall not be exploited for personal or competitive advantage.

4.3 Exceptions:

• The confidentiality obligation does not apply if the information:
  • Was already in the public domain before disclosure.
  • Was independently developed by the Party.
  • Must be disclosed due to a legal obligation or government request (provided the Company is notified in advance, where legally possible).

5. Data Subject Rights

5.1 Under Articles 12-23 of the GDPR, data subjects have the following rights regarding their personal data:

• Right to Access (Article 15 GDPR) – The right to request a copy of their personal data.
• Right to Rectification (Article 16 GDPR) – The right to correct inaccurate or incomplete data.
• Right to Erasure (Article 17 GDPR) – The right to request data deletion ("right to be forgotten").
• Right to Restriction of Processing (Article 18 GDPR) – The right to limit how data is processed.
• Right to Data Portability (Article 20 GDPR) – The right to transfer personal data to another provider.
• Right to Object (Article 21 GDPR) – The right to object to data processing based on legitimate interests.
• Right to Withdraw Consent – The right to revoke consent at any time, without affecting prior lawful processing.

5.2 The Company shall respond to data subject requests within one month, in compliance with GDPR.

6. Data Transfer and Third-Party Access

6.1 Personal data may only be transferred to third parties with the explicit consent of the data subject or under a legally valid data processing agreement.
6.2 The Company shall not transfer personal data outside the European Economic Area (EEA) unless compliant with GDPR safeguards, such as Standard Contractual Clauses (SCCs) or an adequacy decision.

7. Breach Notification

7.1 In the event of a data breach, the Company shall:

• Notify the relevant data protection authority within 72 hours, in accordance with Article 33 GDPR.
• Notify affected individuals if the breach poses a risk to their rights and freedoms.
• Take immediate action to contain and remediate the breach.

8. Liability and Indemnification

8.1 The Party shall be fully responsible for any breach of this Agreement and shall indemnify the Company against any claims, fines, or damages resulting from non-compliance.
8.2 The Company’s liability is limited to direct damages, excluding indirect or consequential losses.

9. Term and Termination

9.1 This Agreement remains in effect for the duration of the business relationship and continues to apply even after termination with respect to previously disclosed confidential information.
9.2 Either party may terminate this Agreement with 30 days' written notice.
9.3 Upon termination, the Party must return or securely destroy all confidential information and personal data, unless required by law to retain it.

10. Governing Law and Jurisdiction

10.1 This Agreement is governed by German law and applicable EU regulations (GDPR, BDSG).
10.2 Any disputes shall be settled in the competent courts of Stuttgart, Germany.

11. Miscellaneous

11.1 If any provision of this Agreement is deemed invalid, the remaining provisions shall continue in full force.
11.2 This Agreement constitutes the entire agreement regarding personal data and confidentiality between the parties.
11.3 Amendments to this Agreement must be made in writing and signed by both parties.

12. Contact Information

For any inquiries regarding this Agreement or data protection matters, please contact:

📍 SyncSEO – AvoTech GmbH
📍 Reutlingen, Baden-Württemberg, Germany
📧 info@syncseo.de
📞 +49 7121 8796420

By signing this Agreement or using SyncSEO’s services, the Party acknowledges they have read, understood, and agreed to comply with its terms.

📌 Effective Date: 2.12.2024