We see it as our obligation to work with CleverPush customers to help them prepare for the General Data Protection Regulation (GDPR). The GDPR will come into force on 25 May 2018.

Among other things, we provide the following resources for our customers:

  • Sample passage for the privacy policy covering the use of CleverPush
  • Data processing agreement (Auftragsdatenverarbeitungsvereinbarung, ADV)
  • Option to delete all stored data in the account settings

Among other things, we take the following measures ourselves:

  • Customer data is stored within Germany
  • Compliance with security standards, HTTPS encryption of all data traffic
  • Assistance with requested subscription cancellations via our support

1. Data processing agreement

The data processing agreement (ADV) must be validly accepted directly during a new registration or when logging in to the dashboard, effective 25.05.2018.

2. Text shown with the opt-in prompt

The text that appears before or next to the opt-in prompt can be customized in most cases. We provide our customers with a sample for this. For existing channels, it can be applied with one click in the channel settings under Opt-In -> Texte anpassen -> Muster verwenden (customize texts -> use sample). For new channels, this sample is inserted directly if desired. The passage is only a sample for our customers; we do not provide any legal advice and do not guarantee the correctness or completeness of the text.

3. Sample passage for the privacy policy

The following passage is only a sample for our customers; we do not provide any legal advice and do not guarantee the correctness or completeness of the text.

Push notifications

You can opt in to receive our push notifications. To send our push notifications, we use the delivery service "CleverPush", which is provided by CleverPush GmbH, Nagelsweg 22, 20097 Hamburg ("CleverPush"). You will then receive regular messages about [Please specify the content of the notifications in as much detail as possible].

To opt in, you must confirm your browser's request to receive notifications. This process is documented and stored by CleverPush. This includes saving the opt-in time and your browser ID or device ID. The collection of this data is required so that we can trace the processes in case of misuse, and it therefore serves our legal protection.

To show you the push notifications, CleverPush collects and processes your browser ID on our behalf and your device ID in the case of mobile access.

By subscribing to our push notifications, you agree to receive them. Where you have given your consent, the legal basis for the processing of your data after registration for our push notifications is Art. 6 para. 1 lit. a GDPR. CleverPush also statistically evaluates our push notifications. CleverPush can detect if and when our push notifications were displayed and clicked by you.

Your consent to the storage and use of your personal information to receive our push notifications and to the statistical evaluation described above may be revoked at any time with future effect. To revoke consent, you can change the setting to receive push notifications in your browser. If you use our push notifications on a desktop PC with the operating system "Windows", you can also unsubscribe from our push notifications by right-clicking on the respective push notification and using the settings that appear there.

Your data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. Your data will be stored as long as the subscription to our push notifications is active.

The process of unsubscribing is explained in detail at the following link: https://cleverpush.com/faq.

In order to speed up the retrieval of content (e.g. images) and to prevent attacks, CleverPush uses the services of cloudflare.com, a service of Cloudflare, Inc., which is certified under the PrivacyShield Agreement: https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0&status=Active.

CleverPush does not store any data on Cloudflare's servers that contain personal data, but only general content such as text or images. When this content is called up, the end device you are using establishes a connection to Cloudflare and this leads to the processing of the IP address of the end device you are using.

As of: May 2018



Technical and organizational measures according to Art. 32 GDPR

1. Confidentiality (Art. 32 Para. 1 b GDPR)
          

1) Access control

1.1) The following measures implemented by us prevent unauthorized persons from having access to the data processing systems:

  1. Manual locking system
  2. Security locks
  3. Securing the building shafts
  4. Doors with outside knob
  5. Key regulation / list
  6. Care when selecting security personnel
  7. Care when choosing cleaning services
            

1.2) The following measures implemented by our sub-processors prevent unauthorized persons from having access to the data processing systems:

  1. Electronic access control system with logging
  2. High security fence around the entire data center park
  3. Documented key allocation to employees and colocation customers for colocation racks (each client exclusively for his colocation rack)
  4. Guidelines for accompanying and marking guests in the building
  5. 24/7 staffing of the data centers
  6. Video surveillance at the entrances and exits, security gates and server rooms
          
          

2) Access control - The following implemented measures prevent unauthorized persons from having access to the data processing systems.

  1. Personal and individual user log-in when logging on to the system or company network
  2. Authorization process for access rights
  3. Limitation of authorized users
  4. Single Sign-On
  5. Additional system log-in for certain applications
  6. Firewall
          

3) Access control - The following implemented measures ensure that unauthorized persons have no access to personal data.

  1. Administration and documentation of differentiated authorizations
  2. Conclusion of contracts for order data processing for the external care, maintenance and repair of data processing systems, provided that the processing of personal data is the subject of the service for remote maintenance.
  3. Evaluation / logging of data processing
  4. Authorization process for permissions
  5. Approval routines
  6. Profiles / roles
  7. Measures to prevent unauthorized transfer of data to externally usable data carriers (e.g. copy protection, blocking of USB ports, "Data Loss Prevention (DLP) system")
          

4) Separation control - The following measures ensure that personal data collected for different purposes are processed separately.

  1. Access rights based on functional responsibility
  2. Separate data processing through differentiating access regulations
  3. Multi-tenancy of IT systems
  4. Use of test data
  5. Separation of development and production environment
          
2. Pseudonymization (Art. 32 Para. 1 a GDPR; Art. 25 Para. 1 GDPR)
          

The processing of personal data takes place in such a way that the data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to corresponding technical and organizational measures.

          
3. Integrity (Art. 32 Para. 1 b GDPR)
          

1) Disclosure control - It is ensured that personal data cannot be read, copied, changed or removed during transmission or storage on data carriers and that it can be checked which persons or bodies have received personal data. The following measures have been implemented to ensure this:

  1. Encryption of email or email attachments (e.g. WinZip)
  2. Encryption of the storage medium of laptops
  3. Secure file transfer (e.g. sftp)
  4. Secure data transport (e.g. SSL, ftps, TLS)
  5. Electronic signature
  6. Secure WiFi


Sub-processors
  • Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen
    – Hosting of the servers used by the contractor
  • Amazon Web Services EMEA Sàrl, 5 Rue Plaetis L-2338 Luxembourg
    – Hosting of the servers used by the contractor
  • CloudFlare, Inc., San Francisco, US (HQ) 101 Townsend St, San Francisco
    – Content delivery network service provider