(Preview of the Text is shown below - However note that the enclosed PDF is the main source of information for the legal purposes because of its permanent form)
1.2. “Client Data” means any personal data that OmniCrane processes on behalf of Client via the OmniCrane’s service and applications.
1.3. „OmniCrane“ means the services and application commercially available under OmniCrane brand.
1.4. “GDPR” means all data protection laws and regulations applicable to Europe, including (i) Regulation 2016/679 of the European Parliament and of the Council; (ii) Directive 2002/58/EC; (iii) applicable national implementations.
1.5. “Website” refers to www.omnicrane.com and all its sub-sites.
2 Personal Data Processing:
2.1. OmniCrane is supposed to process the data for the Client (whether itself a controller or a processor).
2.2. OmniCrane shall process Client Data only in accordance with Client’s documented lawful instructions, as necessary to comply with applicable law.
2.3. The Client is responsible to comply with all applicable laws, including the GDPR, in respect of its processing of Client Data and any processing instructions it issues to OmniCrane; and (ii) will provide all notice and has obtained, and will continue to obtain, all consents and rights necessary under applicable law for OmniCrane to process the data.
2.4. The Client shall have sole responsibility for the accuracy, quality, and legality of Client Data and the means by which Client acquired Client Data. The Client shall be responsible for complying with all laws applicable to any use of OmniCrane or other content created, sent, or managed through OmniCrane, including those relating to obtaining consents (where required) to send emails, the content of the emails and its email deployment practices.
2.5. The Client will ensure that OmniCrane’s processing of the Client Data in accordance with Client’s instructions will not cause OmniCrane to violate any applicable law, regulation, or rule. OmniCrane shall promptly notify Client in writing, if it becomes aware or believes that any data processing instruction from Client violates GDPR. Where Client acts as a processor on behalf of a third-party controller (or other intermediary to the ultimate controller), Client warrants that its processing instructions, have been authorized by the relevant controller.
3.1. Client agrees that OmniCrane may engage sub-processors to process Client Data on Client’s behalf.
3.2. OmniCrane shall: (i) enter into a written agreement with each sub-processor containing data protection obligations that provide at least the same level of protection for Client Data as those used by OmniCrane, to the extent applicable to the nature of the service provided by such sub-processor; and (ii) remain responsible for such sub-processor’s compliance herewith and for any acts or omissions of such sub-processor that cause OmniCrane to breach any of its obligations.
4.1. Security Measures: OmniCrane shall implement and maintain appropriate technical and organizational security measures that are designed to protect Client Data from security incidents and designed to preserve the confidentiality of Client Data.
4.2. Data Protection Officer (DPO): OmniCrane didn’t appoint DPO.
4.3. Security Incident response: Upon becoming aware of a security incident, OmniCrane shall: (i) notify Client without undue delay, and where feasible, in any event no later than 48 hours from becoming aware of the security incident; (ii) provide timely information relating to the security incident as it becomes known or as is reasonably requested by Client; and (iii) promptly take reasonable steps to contain and investigate any security incident.
4.4. Client is responsible for its secure use of OmniCrane service, including securing its account authentication credentials, protecting the security of Client Data, and taking any appropriate steps to secure the Client Data uploaded to OmniCrane.
5 Privacy by Default:
5.1. OmniCrane shall, in any determination of the means of processing, in the introduction of new processing of personal data and in the review of the organizational arrangements whereby personal data are handled, consider, taking into account the state of the art, the cost of implementation, the nature, scope, context and purposes of the processing, as well as the different likely and different risks to the rights and freedoms of natural persons entailed by the processing, the appropriate technical and organizational measures to implement the data protection principles in an effective manner and to incorporate the necessary safeguards in the processing to meet the requirements of GDPR and to protect the rights of data subjects, in particular that only personal data necessary for each specific purpose of the processing are processed by default (this obligation relates to the amount of personal data collected, the scope of processing, the duration of storage and accessibility, and that personal data are not made available to an unlimited number of individuals by default without human intervention). Where forms and software are used for record keeping, it is necessary to check whether they require or offer the recording of redundant data and not to process such data.
6 Security Reports and Audits:
6.1. OmniCrane shall make available to Client all information reasonably necessary to demonstrate compliance herewith.
7 Return or Deletion of Data:
7.1. Upon termination of the legal relationship between OmniCrane and Client, OmniCrane shall delete or irreversibly anonymize all Client Data (including copies) in its possession or control, except for Client Data it has archived on back-up systems, which Client Data OmniCrane shall securely isolate, protect from any further processing and eventually delete in accordance with OmniCrane’s deletion policies.
8.2. The cookies may be: technical, functional (these are necessary to show the website and make it work as it should or to know that the subject has (not) given their your consent to process cookies, etc.), Security (cookies that are designed to prevent fraud and possibly fix security vulnerabilities), analytical (these help to analyze how the website works in terms of visitor behaviour and adapt and change the Website accordingly), preference (these cookies are to ensure that content is displayed in the preferred settings - for example, in a particular language or otherwise to make it easier for to browse/purchase), marketing (these cookies allow to tailor the service offerings. OmniCrane may handle technical, security and functional cookies on the basis of legal requirements. Without them, OmniCrane would not be able to provide services safely and correctly.
8.3. OmniCrane may process analytical, preference and marketing cookies on the basis of subject’s consent.
8.4. Anyone can prevent from processing these cookies by not giving their consent, by adjusting their browser settings, by setting the cookie bar or by browsing in anonymous mode.
8.5. The cookies may be disabled by user of each device.
8.6. OmniCrane uses for processing of Cookies the services: Google Analytics, Ads a Doubleclick as provided by Google Ireland Ltd.
9 Information for recipients of marketing communications:
9.1. The purpose of processing is to inform interested parties (recipients of commercial communications) about various information related to OmniCrane.
9.2. The contact data processed includes name and surname, telephone and email contact details, identification of social media accounts
9.3. The legal basis is the consent of the data subjects (i.e. recipients of commercial communications).
9.4. In the case of personal data provided for the purpose of disseminating commercial communications, OmniCrane may, in particular, monitor the delivery and opening of emails sent, and monitor the activity of the data subject on OmniCrane's website; OmniCrane may further link all personal data to legitimately published personal data about the data subject in publicly available sources, combine personal data and personal data into logical aggregates and profile data subjects on the basis of such data.
10 Data Subject Rights and Cooperation:
10.1. OmniCrane provides the Client with a number of self-service features, that Client may use to retrieve, correct, delete, or restrict the use of Client Data.
10.2. To the extent required under GDPR, OmniCrane shall (considering the nature of the processing and the information available to OmniCrane) provide all reasonably requested information regarding its service to enable Client to carry out data protection impact assessments or prior consultations with data protection authorities as required by GDPR.
10.3. Categories of personal data: Client may upload, submit, or otherwise provide certain personal data to the Service, the extent of which is typically determined and controlled by final Customer in its sole discretion, and may typically include the following types of personal data: identification and contact data in particular : name, date of birth, gender, general, occupation or other demographic information, address, title, contact details, including email address; personal interests or preferences (including purchase history, marketing preferences and publicly available social media profile information); IT information (IP addresses, usage data, cookies data, online navigation data, location data, browser data); financial information (credit card details, account details, payment information).
10.4. Sensitive data processed (if applicable): OmniCrane does not want to, nor does it intentionally, collect or process any sensitive personal data in connection with the provision of the Service.
10.5. Frequency of processing: continuous and as determined by Client.
10.6. Purpose of the processing: OmniCrane shall only process Client Data for the permitter purposes which shall include: (i) processing as necessary to provide OmniCrane service; (ii) processing initiated by Client; and (iii) processing to comply with any other reasonable instructions provided by Client (e.g., via email or support tickets).
10.7. Duration of processing and period for which personal data will be retained: OmniCrane will process Client Data as for the duration of contract that regulates provision of OmniCrane services to the Client.
10.8. Objection to Sub-processors: Client may object in writing to OmniCrane’s appointment of a new sub-processor within five (5) calendar days of receiving notice, provided that such objection is based on reasonable grounds relating to data protection. In such event, the parties shall discuss such concerns in good faith with a view to achieving a commercially reasonable resolution. If no such resolution can be reached, OmniCrane will, at its sole discretion, either not appoint such sub-processor, or permit Client to suspend or terminate the affected service.
11.1. Under the conditions set out in Regulation 2016/679 (GDPR), any subject has a right to request from OmniCrane access to the data, the right to rectification or erasure of personal data or restriction of its processing, the right to object to the processing of personal data, and the right to the portability of personal data.
11.2. These rights shall be applied by contacting the Managing Director of OmniCrane.
11.3. The data subject may withdraw their consent at any time, in the same or equally simple manner as he or she previously gave consent, and OmniCrane will make this possible. For each consent, the specific means by which data subjects can withdraw it will be indicated, and they will also be given the opportunity to do so by sending an email. Withdrawal of consent does not affect the lawfulness of the processing of personal data that has been processed between the granting of consent and its withdrawal. OmniCrane will have proof of this (whether written or electronic) for as long as the consent is given.
11.4. The Data Protection Authority offers a form to report high-risk personal data breaches. The Supervisory Authority will take into account the timely notification of a breach when imposing any sanctions, so any potential risk incident should be reported promptly and only then investigated thoroughly internally.
12 Final Provisions
12.2. These Terms become valid and effective on April 1, 2022.