CC TECH (hereinafter "we, our, us") does not collect personal data but processes personal data exclusively in our capacity as a data processor when we provide SaaS (Software-as-a-Service) following documented instructions from our customers/data controllers. We therefore only process personal data as a data processor in accordance with the data processing agreement we have entered into with our customers. The personal data we transmit is never ours, but rather our customers', who determine the purpose and how personal data is processed. It is therefore also our customers who have policies for how they use personal data. It will usually appear on our customers' websites how they process and protect personal data.
If data subjects contact us, we will forward the inquiry to the data controller customer, who will subsequently respond to the inquiry.
DATA LOCATION
We store our customers' data with Amazon in Frankfurt, Germany, and with Hetzner, Germany, and never send data outside the EU. Our customers' data will always be covered by the protection in the General Data Protection Regulation.
TECHNICAL AND ORGANIZATIONAL MEASURES
We have implemented technical and organizational security measures to protect your personal information against being destroyed, lost or altered, against unauthorized disclosure, and against unauthorized persons gaining access to or knowledge of it. Our security measures are continuously reviewed in line with technological developments.
Our software and data are hosted with cloud providers within the EU, all of whom comply with GDPR, such as Amazon Web Services. All data is encrypted "at rest" and "in transit". Access to production data and services is highly restricted, and passwords/keys are secure and stored in a private key vault. All data in test and staging environments is anonymized.
When a user has been inactive for more than 2 years, we anonymize the user's data.
We take backups continuously throughout the day and retain them for 35 days. In the event that a user has requested deletion and a backup is restored, we maintain a list of user IDs for deleted users and filter the user's data from the restoration, thereby ensuring that the user's data never touches the database again.
We have implemented a "Privacy by Design" approach to our software development, which means that when we design new features, we actively consider privacy protection. Furthermore, we regularly review our software to investigate whether improvements can be made to our privacy protection and data security, and to ensure that we are in compliance with applicable laws.
We strive to help our customers comply with their GDPR requirements by providing the necessary tools and information in our software and furthermore warning when the customer takes actions that may have consequences for GDPR.
All actions in the system related to changes to personal data are recorded. These log files are available to our customers.