In order to ensure that our customers and any affiliates can use Anexia’s products and services in compliance with the GDPR, we have created new contractual obligations in the form of a “General Privacy Policy.”
We will change our General Terms and Conditions effective May 25, 2018, to incorporate these new legal obligations into all existing and future business relationships and contracts. This amendment to the Terms and Conditions implements the statutory requirements of the GDPR.
We thereby create legal certainty for our customers concerning all business relationships with us, regardless of whether these are existing or future contracts or simply the use of our products and services.
Article 28 of the GDPR requires that all types of commissioned data processing by a processor shall be governed by a contract or other legal act binding the processor to the client and it must be in writing pursuant to Article 28 (9) of the GDPR, also including electronic forms of written communication.
Since we assume the role of processor for many of our customers in the provision of products and services or the performance of contracts, we have created a “General Privacy Policy,” which will apply as of May 25 2018.
By means of this “General Privacy Policy” our customers, as the controller of all processing operations in which Anexia assumes the role of processor, will be legally compliant within the meaning of the GDPR, without requiring any separate actions to be taken. This General Privacy Policy already clearly regulates all duties required by Article 28 of the GDPR and thus constitute a binding legal instrument under Article 28 (3) and (9) GDPR.
Regardless of the aforementioned “General Privacy Policy” which already offers legal certainty and GDPR conformity for the data processing by Anexia as of May 25, 2018, you have the option to conclude an individual Data Processing Contract with us at any time. We have made the sample contract “Data Processing Agreement” available to you for this purpose. In the event that such a separate Data Processing Agreement is concluded, it replaces the commissioned data processing rules set out in the “General Privacy Policy.”
For customers/controllers from Germany, we also offer optional supplementary agreements in accordance with the following legal provisions:
If you are interested in this, please contact our Group Data Protection Officer.