Pricing

1. Basic principles

(1) This data processing agreement (DPA) determines the rights and obligations in the case of processing personal data of third parties. It is valid from the moment the contract of use is concluded until the end of the “live period” of the VOXR, i.e. at the latest 10 days after the event or until the end of the contract of use, whichever is shorter. In case of an extension of the contract of use, this DPA will also be extended.

(2) The parties are the parties to the contract of use.

2. Roles

(1) For the purposes of this contract, VOXR assumes the role of processor, the VOXR user the role of data controller, as defined in the GDPR.

3. Subject and duration of the contract

(1) The parties enter into this agreement for the purpose of conducting information transfers and interactions between VOXR customer and an audience at an event, webinar, survey, or similar constellation.

(2) It is agreed that the order for personal data processing is limited to a maximum of three scenarios:

• The storage and publication of event participants in the VOXR Info Guide.
• The collection and storage of email addresses of event participants exclusively via the specific VOXR function of the Email Collector (also called “lead generator”) during live events for the purpose of sending information.
• The collection and, if applicable, publication of personal data for the purpose of assigning communication during live events, in particular for the purpose of directing a question to best. persons or data of questioners for the purpose of answering a question at a later date.

(3) The parties agree, that it is technically possible that outside of the above-mentioned groups of people, in principle, all persons whose personal data is entered through the tool could be affected and that VOXR is neither able nor responsible for controlling or preventing this, but that it is the responsibility of the person responsible.

(4) The processor provides the following processing operations by means of an algorithm:

• Recording and storage of information entered by the controller or his audience,
• Output of this information via websites determined by the responsible person,
• Automatic sorting, restricting, assigning, counting the data,
• Manual editing, reassignment, highlighting, copying and, if necessary, publishing of the data,
• Final deletion of data

4. Nature of the data / persons concerned

(1 ) The data subjects are for the scenarios agreed here:

• Storage and publication of event participants in the VOXR Info-Guide: Event participants, i.e. speakers, moderators, participants, assistants.
• Collection and storage of email addresses of participants: Participants of the event, i.e. customers, interested parties, partners, shareholders, employees as well as other paying or non-paying recipients and participants of the event(s)
• The collection and, if necessary, publication of personal data for the purpose of allocating communication during live events, in particular for the purpose of directing a question to best. Persons or data of questioners for the purpose of later answering a question: questioners and respondents of the event(s).

(2) The types of data collected for the three scenarios agreed here are:

• Storage and publication of event participants in the VOXR Info-Guide: Master data such as last name and/or first name(s), function, company, role in event(s), if applicable company and/or business and private telephone number(s), email and/or social media contacts, in each case however only within the scope of the individual or total legal requirements.
• Collection and storage of e-mail addresses of participants: Only the e-mail address.
• The collection and, if applicable, publication of personal data for the purpose of allocating communication during live events, in particular for the purpose of directing a question to best. Persons or data of questioners for the purpose of later answering a question: form of address, first name and/or surname(s), if applicable email address(es)

5. Scope / authority to issue instructions

(1) The contract is based on the concluded, time-limited contract of use and is only concluded with it.

(2) All instructions for the processing of data of data subjects are carried out by the responsible person using the VOXR tool. This concerns in particular, but by no means only, the creation, modification, deletion, structuring and de-structuring of data.

(3) Counting and structuring of data is carried out automatically by an algorithm.

(4) Structures can be created, changed or deleted by the responsible person using the VOXR tool.

(5) VOXR does not affect data processing by human hand and cannot be instructed to do so. An exception is made for data recovery measures after accidental deletion, should this be desired by the person responsible.

6. Duties of the controller

(1) The person responsible must ensure that – insofar as personal data are entered – all legal and other provisions are complied with, i.e. not only those of the GDPR, but also all other provisions that come into consideration, in particular, but not only, the personal rights and competition law.

(2) The person responsible undertakes to delete personal data entered into the VOXR by him or others, i.e. collected and stored no later than 10 days after it was collected or before the end of the user contract, whichever is shorter. The GDPR minimum principle as well as the right of deletion for affected persons according to GDPR remain unaffected by this and must be implemented by the responsible person if necessary even before the 10 days have expired.

(3) VOXR assumes no responsibility for legal violations resulting from deletion that is not timely or not performed at all, nor does it assume responsibility for other operations with personal data, structured or unstructured, that are not in compliance with the law.

(4) VOXR has the right (but not the obligation) to automatically or manually delete personal information on the 11th day after the end of the event or after the end of the period of use, whichever is earlier.

7. Obligations of the processor

1. VOXR shall ensure that the VOXR algorithm carries out the data processing initiated by the processor without delay and only in accordance with the rules of the algorithm.

(2) VOXR ensures that deletions in the database are final.

(3) VOXR maintains backups for a maximum of 31 days and ensures that these backups are also deleted after a maximum of 31 days.

(4) VOXR operates as a sub-processor:

a) the company Hetzner GmbH, Gunzenhausen as computer center, in which VOXR operates singular, single standing dedicated servers for the enterprise of VOXR, as well as

b) Dominic Pratt as external server admin.

With sub-processors there are DPAs, including TOM according to GDPR, which combined ensure that all obligations to the responsible party as stated in these DPAs, including TOM, can be fulfilled.

Sub-processors are bound by VOXR to at least the same level of data protection and confidentiality obligations as VOXR to the responsible party.

There are no other sub-processors at the time the contract is entered into.

(5) The use of further sub-processors is only possible,

(a) provided that VOXR notifies the controller of any intended change in the use or replacement of other processors, in such a manner that the controller has the opportunity to object to such changes; and

(b) the necessary agreements within the meaning of Article 28(4) GDPR are concluded.

(6) Those involved with VOXR participant data and thus possibly with personal data are aware of the relevant, general data protection regulations. They observe the principles of proper data processing and are trained in these principles at the beginning of their employment with VOXR and at appropriate regular intervals.

(7) In connection with the commissioned processing, the processor shall provide the controller with necessary support in fulfilling his obligations under data protection law. The processor shall support the controller in fulfilling his obligations under Art. 32 to 36 GDPR.

(8) Upon request, VOXR shall provide the controller with all information necessary to demonstrate compliance with the obligations set forth in Art. 28 GDPR, and shall facilitate and contribute to audits – including inspections – conducted by the controller or another auditor appointed by the controller.

(9) To the extent required by law, the processor shall appoint a competent and reliable person as data protection officer without conflict of interest.

(10) The processing is carried out exclusively within the EU or the EEA.

(11) VOXR servers for data processing are hosted exclusively in high-security data centres with which the processor has a contract for technical and organisational measures to be taken to create the necessary data and information security and data protection.

(12) The overview of the organizational and technical measures (TOM) in VOXR data centers and companies can be downloaded here in PDF format.

8. Severability clause

(1) Should individual parts of this contract for processing orders be ineffective, this shall not affect the effectiveness of the remaining agreement.