Privacy Policy

 

Privacy Policy of digiTAL consulting Munich

 

Preamble

This Privacy Policy describes the policies and procedures of digiTAL consulting Munich ("digiTAL", "we", "us" or "our") regarding the collection, use, and disclosure of your information when you use our services, and informs you about your privacy rights and how the law protects you.

 

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

digiTAL consulting Munich

Chiemgaustr. 34a

81549 Munich, Germany

Email: info.digi@talconsulting.de

 

2. Collection and Storage of Personal Data

We collect and store personal data only to the necessary extent. Personal data includes in particular:

- First and last name

- Email address

- Phone number

- IP address

 

3. Purposes of Processing and Legal Bases

The processing of personal data is carried out for the following purposes:

- To fulfill our contractual obligations (Art. 6 (1)(b) GDPR)

- To safeguard legitimate interests (Art. 6 (1)(f) GDPR)

- Based on your consent (Art. 6 (1)(a) GDPR)

- To fulfill legal obligations (Art. 6 (1)(c) GDPR)

 

4. Data Transfer to Third Parties

Personal data will only be transferred to third parties if this is necessary for contract execution or if there is a legal obligation.

 

5. Rights of Data Subjects

You have the right to:

- Request access to your personal data processed by us (Art. 15 GDPR)

- Request the correction of inaccurate data (Art. 16 GDPR)

- Request the deletion of your data (Art. 17 GDPR)

- Request the restriction of processing (Art. 18 GDPR)

- Object to the processing of your data (Art. 21 GDPR)

- Request data portability (Art. 20 GDPR)

 

6. Data Security

We implement technical and organizational security measures to protect your data from accidental or deliberate manipulation, partial or total loss, destruction, or unauthorized access by third parties.

 

7. Changes to the Privacy Policy

We reserve the right to change this Privacy Policy at any time. The current version can be found on our website.

 

 

 

 

Non-Disclosure Agreement (NDA)

 

Detailed Non-Disclosure Agreement (NDA)

 

Between

 

digiTAL consulting Munich

Chiemgaustr. 34a

81549 Munich, Germany

(hereinafter referred to as "Disclosing Party")

 

And

 

[Name of Contracting Party]

[Address of Contracting Party]

(hereinafter referred to as "Receiving Party")

 

Preamble

This Agreement (the "Agreement") comes into effect upon signature by both parties and governs the confidentiality of information exchanged between the parties.

 

1. Definitions

- "Confidential Information" includes all information provided by the Disclosing Party to the Receiving Party that is marked as confidential or should be considered confidential based on its nature.

 

2. Obligations of the Receiving Party

The Receiving Party agrees to:

- Keep confidential information strictly confidential.

- Not disclose confidential information to third parties without prior written consent from the Disclosing Party.

- Use confidential information only for the purpose for which it was provided.

 

3. Exceptions

Confidential information does not include information that:

- Is publicly known at the time of disclosure or becomes publicly known without fault of the Receiving Party thereafter.

- Was already known to the Receiving Party before disclosure by the Disclosing Party.

- Is lawfully obtained from a third party without a confidentiality obligation.

 

4. Duration of Confidentiality

This confidentiality obligation remains in effect for [time period, e.g., 5 years] after the termination of this Agreement.

 

5. Return of Information

Upon termination of this Agreement, the Receiving Party agrees to promptly return or destroy all confidential information and copies thereof to the Disclosing Party.

 

6. Severability Clause

If any provision of this Agreement is or becomes invalid, the validity of the remaining provisions shall remain unaffected.

 

Signatures

 

_________________________

[Name, Title]

digiTAL consulting Munich

 

_________________________

[Name, Title]

[Name of Contracting Party]

Risk Management Plan

 

Risk Management Plan of digiTAL consulting Munich

 

1. Purpose

This Risk Management Plan aims to identify, assess, and establish measures to mitigate potential risks to ensure business continuity for digiTAL consulting Munich.

 

2. Responsibilities

- Risk Manager: Responsible for overseeing risk management activities.

- Department Heads: Responsible for identifying and assessing risks within their departments.

- Employees: Responsible for reporting risks to their supervisors.

 

3. Risk Identification

Identification of potential risks in the following areas:

- Operations (e.g., IT outages, staffing shortages)

- Finance (e.g., payment defaults, currency fluctuations)

- Legal (e.g., contract breaches, regulations)

 

4. Risk Assessment

Evaluation of identified risks based on likelihood and potential impact:

- Low: Low probability and minor impact.

- Medium: Moderate probability and medium impact.

- High: High probability and significant impact.

 

5. Risk Management Measures

- Avoidance: Actions to avoid the risk.

- Mitigation: Actions to reduce the likelihood or impact of the risk.

- Transfer: Transferring the risk to third parties (e.g., insurance).

- Acceptance: Deliberate acceptance of the risk for minor impacts.

 

6. Monitoring and Control

Regular review and updates to the Risk Management Plan:

- Annual review

- Ad-hoc review in case of significant changes

 

Disaster Recovery Plan

 

Disaster Recovery Plan of digiTAL consulting Munich

 

1. Objective

This plan outlines the steps for restoring business operations in the event of a failure or disaster.

 

2. Responsibilities

- Emergency Team: Composed of members from the IT department and management.

- Team Leader: Coordinates recovery efforts.

 

3. Disaster Scenarios

Identification of potential disasters:

- Natural disasters (e.g., earthquakes, floods)

- Technical failures (e.g., server outages, data loss)

- Security incidents (e.g., cyberattacks, data breaches)

 

4. Recovery Measures

- Immediate Actions: Emergency measures to protect lives and assets (e.g., evacuation, alarm raising).

- Data Recovery: Using backups to restore lost data.

- System Recovery: Repair or replacement of failed systems.

 

5. Communication Plan

- Internal Communication: Informing employees about the disaster and actions taken.

- External Communication: Informing clients and partners about the disaster and possible impacts.

 

6. Training and Testing

Regular training and disaster recovery drills for all employees to ensure preparedness.

 

Risk Management Plan

 

Risk Management Plan of digiTAL consulting Munich

 

1. Purpose

This Risk Management Plan aims to identify, assess, and establish measures to mitigate potential risks to ensure business continuity for digiTAL consulting Munich.

 

2. Responsibilities

- Risk Manager: Responsible for overseeing risk management activities.

- Department Heads: Responsible for identifying and assessing risks within their departments.

- Employees: Responsible for reporting risks to their supervisors.

 

3. Risk Identification

Identification of potential risks in the following areas:

- Operations (e.g., IT outages, staffing shortages)

- Finance (e.g., payment defaults, currency fluctuations)

- Legal (e.g., contract breaches, regulations)

 

4. Risk Assessment

Evaluation of identified risks based on likelihood and potential impact:

- Low: Low probability and minor impact.

- Medium: Moderate probability and medium impact.

- High: High probability and significant impact.

 

5. Risk Management Measures

- Avoidance: Actions to avoid the risk.

- Mitigation: Actions to reduce the likelihood or impact of the risk.

- Transfer: Transferring the risk to third parties (e.g., insurance).

- Acceptance: Deliberate acceptance of the risk for minor impacts.

 

6. Monitoring and Control

Regular review and updates to the Risk Management Plan:

- Annual review

- Ad-hoc review in case of significant changes

 

Disaster Recovery Plan

 

Disaster Recovery Plan of digiTAL consulting Munich

 

1. Objective

This plan outlines the steps for restoring business operations in the event of a failure or disaster.

 

2. Responsibilities

- Emergency Team: Composed of members from the IT department and management.

- Team Leader: Coordinates recovery efforts.

 

3. Disaster Scenarios

Identification of potential disasters:

- Natural disasters (e.g., earthquakes, floods)

- Technical failures (e.g., server outages, data loss)

- Security incidents (e.g., cyberattacks, data breaches)

 

4. Recovery Measures

- Immediate Actions: Emergency measures to protect lives and assets (e.g., evacuation, alarm raising).

- Data Recovery: Using backups to restore lost data.

- System Recovery: Repair or replacement of failed systems.

 

5. Communication Plan

- Internal Communication: Informing employees about the disaster and actions taken.

- External Communication: Informing clients and partners about the disaster and possible impacts.

 

6. Training and Testing

Regular training and disaster recovery drills for all employees to ensure preparedness.

 

Data Processing Agreement

 

Data Processing Agreement according to Art. 28 GDPR

 

between

 

digiTAL consulting Munich

Chiemgaustr. 34a

81549 Munich, Germany

(hereinafter referred to as "Processor")

 

and

 

[Name of the Client]

[Address of the Client]

(hereinafter referred to as "Controller")

 

1. Subject of Processing

The subject of processing includes personal data processed by the Processor on behalf of the Controller.

 

2. Duration of Processing

Processing is carried out for the duration of the main contract between the parties.

 

3. Nature and Purpose of Processing

Processing includes the following types of personal data: [e.g., contact details, usage data] and is carried out for the following purposes: [e.g., provision of IT services].

 

4. Rights and Obligations of the Controller

The Controller is responsible for complying with the legal data protection requirements and ensuring that the data subjects are informed about the processing of their data.

 

5. Obligations of the Processor

The Processor processes personal data only in accordance with the documented instructions of the Controller and takes all necessary technical and organizational measures to protect the data.

 

6. Subprocessors

The Processor may engage subprocessors only with the prior written consent of the Controller.

 

7. Rights of Data Subjects

The Processor supports the Controller in fulfilling the rights of data subjects as defined in the GDPR.

 

8. Return and Deletion of Data

Upon termination of the processing, the Processor will either return or delete all personal data unless a legal obligation requires retention.

 

9. Evidence and Audits

The Processor provides the Controller with all necessary information to demonstrate compliance with the obligations under Art. 28 GDPR and allows audits.

 

Signatures

 

_________________________

[Name, Title]

digiTAL consulting Munich

 

_________________________

[Name, Title]

[Name of the Client]

 

Rules and Licenses

 

Guidelines for the Use of Software Licenses and Third-Party Programs

 

1. Purpose

This policy defines the conditions for the use of software licenses and third-party programs to minimize legal and operational risks.

 

2. License Agreements

All software licenses must be documented in writing, and license terms must be adhered to. This includes:

- License duration

- Usage rights

- Restrictions

 

3. Third-Party Programs

The use of third-party programs is only permitted with prior approval from management. Security checks must be conducted to ensure the programs do not pose any security risks.

 

4. Responsibilities

- IT Department: Monitors compliance with license terms and the safe use of third-party programs.

- Employees: Report the use of new software or programs to the IT department.

 

5. Consequences of Violations

Violations of this policy may result in disciplinary action, including termination of employment and legal proceedings.

 

IT Security Regulations

 

IT Security Policies of digiTAL consulting Munich

 

1. Purpose

These IT security policies aim to ensure the secure operation and protection of data.

 

2. Access Controls

- Employee Access: Employees are granted access only to systems and data necessary for their work.

- Password Protection: All user accounts must be protected by secure passwords.

 

3. Data Backup

- Backups: Regular backups of all important data, stored in a secure location.

- Recovery: Regular testing of data recovery processes.

 

4. Network Security

- Firewall: Implementation of firewalls to protect the network.

- Antivirus and Malware Protection: Use of up-to-date antivirus software.

 

5. Training and Awareness

Regular training sessions for employees on data protection and IT security topics.

 

6. Reporting Security Incidents

All security incidents must be reported to the IT department immediately.

 

Clearly Defined Contract Terms

 

Additional Agreements

 

1. Contract Amendments

Any amendments or supplements to the contract must be in writing and signed by both parties.

 

2. Severability Clause

If any provision of this contract is or becomes invalid, the validity of the remaining provisions shall remain unaffected.

 

3. Jurisdiction

The place of jurisdiction for all disputes arising from this contract is Munich, Germany.

 

Compliance Program

 

Compliance Program of digiTAL consulting Munich

 

1. Objective

The compliance program ensures adherence to all legal and regulatory requirements, including anti-corruption and export control laws.

 

2. Responsibilities

- Compliance Officer: Oversees adherence to compliance guidelines and reports directly to the management.

- Employees: Commit to complying with all compliance guidelines and reporting violations.

 

3. Training and Further Education

Regular training and further education sessions for employees on compliance, anti-corruption, and export controls.

 

4. Review and Reporting

Regular reviews of compliance guidelines and reporting to management.

 

5. Consequences of Violations

Violations of compliance guidelines can result in disciplinary actions, including termination of employment and legal proceedings.