Data protection at Seatti
Seatti is a trademark of Seatti GmbH, a German company (Imprint). We respect and value the protection of personal data, both for our customers and for ourselves, and are constantly striving to fully comply with the European GDPR regulations. This document describes our comprehensive program to not only comply with the law, but to assure every user of Seatti Services that their data is secure. If you have any further questions regarding compliance with the GDPR, data security and data protection rights, please contact us at compliance@seatti.co.
- Services
- Privacy by Design
- Data commission processing
- Privacy Policy Website
Services
We offer a paid service to businesses and other organisations who wish to use our services as an integrated professional tool, which can also be integrated with third-party tools to enhance the user experience for our users. For this, we have a data processing agreement that sets out how we process personal data as a data processor on behalf of a client.
Privacy by Design
At Seatti, we make a point of designing our services so that the way they are implemented already protects the rights of users in the best possible way. Consequently, our services are built according to the requirements of Privacy by Design (also called data protection by design), which are also laid down in Art. 25 of the European GDPR. This means that appropriate technical and organisational measures to ensure data protection are already taken into account when determining the means of data processing. This is manifested in a set of principles on how we set up our infrastructure and how we collect and process data, which are an integral part of our AV contract as a data processor.
Data minimisation and pseudonymisation
We only store and process as much data as necessary to provide our core functionality and a great user experience. We actively avoid storing data solely for the purpose of marketing, data accumulation, or any other purpose not related to a smooth experience for our users. Personal data is only stored pseudonymously and, where possible, anonymized before it even enters our processing systems. Specifically, only a user ID is stored, while any personal attribution data is only added directly in the customer system and is neither stored nor viewable in our systems.
If you are a user of the Seatti Lite version, we also store your email address and full name to ensure the smooth operation of the Seatti Lite version.
Data storage and processing within the EU
To ensure full transparency, familiarity and compliance with regional regulations and the GDPR, we store and process data as often as possible on servers located on the territory of the European Union. As of now, all processing of personal data takes place on servers of our service provider. See the list of sub-processors for more details.
Security infrastructure
Our infrastructure and internal security boundaries should meet the highest security standards in order to prevent any kind of data breach. This concerns the security policies of our team, e.g. the way we collaborate and communicate sensitive data or how access rights are distributed among team members and their roles, but also the selection of service providers and sub-processors. Our main processor, Azure, is built on the principles of Security by Design and provides a variety of services that we have implemented to ensure data security. These and other security measures are detailed in our Technical and Organizational Measures document, which is also part of our AV contract as a contractor.
Data commission processing
Download Seatti AV contract as .pdf
We use an AV contract to maintain all the protections of current legislation. We have also ensured that we have AV contracts in place with all our sub-processors to ensure full vertical data protection.
The AV contract is concluded and signed individually with each client for whom we act as contractor.
Subcontractors
Listed below you can find all our subcontractors and AV contracts concluded with them. In particular, due to the invalidation of the EU/US Privacy Shield, we try to process any personal data in EU territory. Even with our main infrastructure provider Azure, we have selected only servers located in the EEA. Even after the invalidation of the Privacy Shield, the standard contractual clauses released and regulated by the EU provide a level of data protection that complies with the GDPR. These clauses are enshrined in Azure's Data Processing Addendum, which can be downloaded below.
Only in exceptional cases, when the provider landscape requires it, do we use providers outside the EU and ensure that personal data is never processed in non-pseudonymized form in the process.
Provider name: Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland
- Service for Seatti GmbH: Provision of data center infrastructure, hosting, e-mail dispatch
- Server location: EU (Germany, Ireland and Netherlands)
Provider name: Tableau Salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany
- Service for Seatti GmbH: Data analysis and reporting to optimize internal processes
- Server location: EU
Documents for download