Data retention policy
absence.io will retain customer data in accordance with GDPR and German data privacy regulations. Our data retention is managed in our internal Information Security Management System (ISMS) and expressed in our Data Processing Agreement (DPA). See this excerpt from the DPA, paragraph 10 "Termination of the contracts" and paragraph 10 "Extraordinary right of termination":
"Upon termination of one of the Contracts or at any time after being requested to do so, Absence shall return any and all documents, data and data storage devices or upon request shall delete these, unless such is not compatible with the law of the European Union or of one of its member states which require a retention of the personal data. Without instructions of the Customer to the contrary within 60 days after termination of the Contracts Absence is instructed and authorised to delete all data.
Absence shall maintain a documentation of the deletion of the data.
Absence is obliged to treat any and all confidential data it becomes aware of in connection with the Contracts as confidential beyond the end of the term of the Contracts."
"The Customer is permitted to terminate the Contracts without observing a period of notice in full or in part, if Absence fails to comply with its obligations set forth in this agreement, or intentionally or gross negligently violates terms set forth in the GDPR or is unable or not willing to execute one of the Customer's instructions. In the event of minor, i.e. neither intentional nor gross negligent violations, the Customer shall grant Absence an appropriate deadline in which Absence is given the opportunity to remediate the violation."
Data archiving and removal policy
absence.io will retain customer data in accordance with GDPR and German data privacy regulations. Our data retention is managed in our internal Information Security Management System (ISMS) and expressed in our Data Processing Agreement (DPA). See this excerpt from the DPA, paragraph 3 "Obligations on the part of Absence":
"Absence may only process personal data within the scope of the contractual agreement and according to the Customer's instructions. If Absence is obliged by the law of the European Union or its member states to which they are bound to further process these data, Absence agrees to inform the Customer of any such legal requirements prior to further processing the data, unless the law in concern prohibits such a notification on the grounds of a material public interest."
"If a Data Subject enforces rights, for example, concerning access to information, a correction or deletion with regard to his/her data by directly contacting Absence, the Customer shall be informed without undue delay and Absence will await the Customer's further instructions before taking any action."
Data storage policy
absence.io will retain customer data in accordance with GDPR and German data privacy regulations. Our data retention is managed in our internal Information Security Management System (ISMS) and expressed in our Data Processing Agreement (DPA). See this excerpt from the DPA, paragraph 2 "Scope and purpose of collecting data, data subjects" and paragraph 4 "Technical and organisational measures":
"Personal data shall be processed in the following way, namely by: collecting, recording, organising, sorting, saving, adapting or amending, downloading, requesting, utilising, disclosing by transmission, distributing or any other form of providing the data, matching/synchronising or linking data, restricting, deleting or destructing data.
The categories of persons affected by processing are: The Customer's employees."
"Technical and organisational measures:
Absence agrees to undertake any and all necessary technical and organisational measures to ensure an appropriate protection of the Customer's data in accordance with Article 32 GDPR, in particular, at least the measures specified in Annex 2.
Absence reserves the right to amend the security measures agreed upon, whereby it shall ensure that the contractually agreed minimum level of protection is met at all times.
Absence ensures that the data processed on behalf of the Customer are kept strictly separate from any other data (logical separation of data)."
App/service has sub-processors
yes
Guidelines for sub-processors