Use Cases
IT Services
Facilities management
Facility Management
HR Department
Digital Workplace Manager
Employees
Works councils & GDPR officers
Features
Workstation booking
 Location overview
Room booking
Administration
Parking reservation
Parking reservation
Data Analysis Centre
Microsoft 365
Check-In Assistant
Company
About Us
Customers
Contact
Career
Insights
Blog
Webinars
Community
Enterprise
Prices
Arrange short consultation
DE 
EN

Data protection at Seatti

Seatti is a trademark of Seatti UG (haftungsbeschränkt), a German company (Imprint). We respect and value the protection of personal data, both for our customers and for ourselves, and are constantly striving to fully comply with the European GDPR regulations and in particular the GDPR regulations. This document describes our comprehensive programme to not only comply with the law, but to ensure every user of Seatti Services that their data is secure. If you have any further questions regarding compliance with the GDPR, data security and data protection rights, please contact us at contact@seatti.co.

  • Services
  • Privacy by Design
  • Data commission processing
  • Privacy Policy Website

Services

We offer a paid service to businesses and other organisations who wish to use our services as an integrated professional tool, which can also be integrated with third-party tools to enhance the user experience for our users. For this, we have a data processing agreement that sets out how we process personal data as a data processor on behalf of a client.

Privacy by Design

At Seatti, we make a point of designing our services in such a way that the rights of users are already protected in the best possible way by the way they are implemented. Consequently, our services are built according to the requirements of Privacy by Design (also called data protection by design), which are also laid down in Art. 25 of the European GDPR. This means that appropriate technical and organisational measures to ensure data protection are already taken into account when determining the means of data processing. This is manifested in a set of principles on how we set up our infrastructure and how we collect and process data, and are an integral part of our AV contract as a data processor.

Data minimisation and pseudonymisation

We only store and process as much data as necessary to provide our core functionalities and a great user experience. We actively avoid storing data for the sole purpose of marketing, data accumulation or any other purpose not related to a smooth experience for our users. Personal data is only stored pseudonymously and, where possible, anonymised before it even enters our processing systems. In concrete terms, only a user ID is stored, while any personal allocation data is only added directly in the customer system and is neither stored nor can be viewed in our systems.

Data storage and processing within the EU

To ensure full transparency, familiarity and compliance with regional regulations and the GDPR, we store and process data as often as possible on servers located within the territory of the European Union. As of now, all data processing of personal data takes place on servers of our service provider aws in Frankfurt, Germany. See the list of sub-processors for more details.

Security infrastructure

Our infrastructure and internal security boundaries should meet the highest security standards in order to preventively avoid any kind of data breach. This concerns the security policies of our team, e.g. the way we work together and communicate sensitive data or how access rights are distributed among team members and their roles, but also the selection of service providers and sub-processors. Our main processor aws is built on the principles of Security by Design and offers a variety of services that we have implemented to ensure data security. These and other security measures are documented in detail in our Technical and organisational measures documents, which are also part of our AV contract as a contractor.

Data commission processing

Download Seatti AV contract as .pdf

We use an AV contract to maintain all the protections of current legislation.We have also ensured that we have AVs in place with all our sub-processors to ensure full vertical data protection.
The AV contract is concluded and signed individually with each client for whom we act as contractor.

Subcontractor

Below you will find a list of all our subcontractors and the agreements we have with them. In particular, due to the invalidation of the EU/US Privacy Shield, we try to process any personal data in EU territory. Also with our main infrastructure provider aws, we have exclusively chosen servers located in Frankfurt, Germany. Even after the invalidation of the Privacy Shield, the standard contractual clauses released and regulated by the EU provide a level of data protection that complies with the GDPR. These clauses are enshrined in aws' Data Processing Addendum, which can be downloaded below.

Only in exceptional cases, when the provider landscape requires it, do we use providers outside the EU and ensure that personal data is never processed in non-pseudonymised form in the process.

‍

Name
Location
DPA/AVV
Purpose
Data
Amazon Web Services
Frankfurt, DE
Download
Cloud Infrastructure
MS User ID, software input data
Microsoft Teams
EU (depending on your MS365 organisation's assigned region)
Download
Internal communication and testing
-
Google Analytics
USA
Download
Analysis of website use
Location, website behaviour

‍

Documents for download

  • Seatti AV contract as .pdf

‍

The Seatti Logo
Contact form
Subscribe to the newsletter and stay informed about new features:
Thank you! Your submission has been received. Please check your inbox.
Oops! Something went wrong while submitting the form.

Discover our latest case studies,
white papers, webinars and company updates!

Features
Workstation bookingRoom bookingParking reservationLocation overviewData Analysis CentreAdministrationMicrosoft 365Check-In Assistant
Use Cases
IT ServicesHR DepartmentFacility ManagementEmployeesWorks councils and
GDPR officers
Digital Workplace Management
Company
About usContactCareerGDPRDemo
Resources
WebinarsBlog
Copyright © 2022 Seatti Ltd. All rights reserved.
ImprintData protectionTerms of use