Obligation of Data Confidentiality and Requirement for the Protection of Personal Data

Employees, independent workers, freelancers,  contract workers, consultants, or other staff ("Employees") of the  Startup Events GmbH, Rumfordstr. 15, 80469 Munich, Germany have or will  have access to information relating to an identified or identifiable natural  person ("Personal Data") during their performance of duties for the  Startup Events GmbH. An identifiable natural person is one who can be  identified, directly or indirectly, in particular by reference to an  identifier such as a name, an identification number, location data, an online  identifier or to one or more factors specific to the physical, physiological,  genetic, mental, economic, cultural or social identity of that natural  person.  

Employees shall keep Personal Data disclosed to them strictly confidently.  Employees shall comply with the Regulation (EU) 2016/679 of the European  Parliament and of the Council of 27 April 2016 on the protection of natural  persons with regard to the processing of personal data and on the free  movement of such data, and repealing Directive 95/46/EC (General Data  Protection Regulation –"GDPR")[1]; the German Federal Data Protection Act (BDSG as  amended by the Datenschutz-Anpassungs-und -Umsetzungsgesetz EU –  "BDSG")[2]; and any other applicable data protection law as  amended from time to time.

Employees shall act in compliance with the GDPR, the  BDSG or any other applicable data protection law and shall not process  Personal Data in an unlawful way. Especially, (1) Employees may only process  Personal Data only in scope of their tasks, (2) the processing must be based  on an applicable justification ground, and (3) the processing must comply  with the purposes documented during initial collection.

Personal Data and other business information must be  kept confidential by Employees and shall not be disclosed to unauthorized  persons. In the event that an Employee transfers or otherwise discloses  Personal Data to third parties (including affiliates of the Startup Events UG),  the Employee shall ensure that such a transfer or disclosure is lawful. An  Employee shall not transfer Personal Data to third parties who are not  authorized recipients.

Article 5(1)(f) of the GDPR, states that  "Personal data shall be […]  processed in a manner that ensures appropriate security of the personal data,  including protection against unauthorised or unlawful processing and against  accidental loss, destruction or damage, using appropriate technical or  organisational measures ('integrity and confidentiality')." Employees  are obliged to follow instructions issued by the Startup Events UG and their  supervisors with regard to the protection of Personal Data.

Employees shall report any breaches of data  protection requirements regarding the collection, processing and use of  Personal Data (including hacking or phishing attacks) to the respective  manager and to the Data Protection Officer (see below for contact details).

This Declaration Regarding the Obligation to  Maintain Data Confidentiality shall not limit any statutory obligations or  provisions on confidentiality in other agreements, arrangements or similar  documents to which the Employees are subject to. The obligation to data  confidentiality shall continue after termination. Any violation of the obligation  to data confidentiality may have negative consequences, such as termination  of employment or other relationships with the Startup Events UG. Moreover,  violations may cause damage claims or fines.

In case of any  questions – especially with regard to the legal basis / justification ground,  instructions by the supervisor regarding data protection, data breaches –,  please contact the Data Protection Officer Lisa Scheblein,  Unterdürrbacherstraße 8, 97080 Würzburg,   info@sidit.de, 0931/41726241.

[1]  The GDPR is available via the websiteof the European Union (http://eur-lex.europa.eu) or directly via (http://eur-lex.europa.eu/eli/reg/2016/679/oj).

[2]  The BDSG is available via a website provided bythe German Federal Ministry of Justice (https://www.gesetze-im-internet.de/).

CONSENT TO THE USE OF PERSONAL DATA ACCORDING TOARTICLE 6 DS-GVO

Both parties are herewith informed, that standards  for the authorization of further use and processing of personal data have  been developed in accordance with the revision of the data protection  regulations of the data protection basic regulation (DS-GVO) and the involved  changes in the Federal Data Protection Act, which need to be observed  throughout the employment handling. Hence, we´d like to inform you, that the  use and processing of your personal data in connection with the organisation  and handling of your employment at Startup Events UG, especially regarding  the payment of remuneration is permitted under the regulation of § 26 of the  Federal Data Protection Act (BDSG).  

Besides this we like to offer you internet access  for private use in an appropriate scope. Therefore a private account has to  be set up. In order to use this provided internet access for private  purposes, and also in order for us to use our employees´ images on our  website, we kindly ask you to give your consent to the related use of your  data.

Of course, we grant you sufficient time for  consideration of this consent. If you wish to do so, we offer you a briefing  on the manner and we would explicitly like to point out, that you can revoke  your permission at any time. This declaration of consent is handed to you  together with the employment contract, but it is a separate declaration and  must therefore also be signed independently of the employment contract. The  conclusion of the employment contract does not depend on the signing of this  declaration of consent. For reasons of data protection we must deny the set  up of the private account, if you don`t sign this declaration.

I hereby confirm that (i) I have read this  declaration carefully and completely, and (ii) I comply with the obligations  as described above.  

‍

‍