Legal framework
Before you hand over your company's personal data, it is important to consider the legal aspects. We help you get a good overview of the legal background as well as the risk assessment you or your team need to make. We want to offer you the best possible transparency and give you the assurance that your data is protected at Skyfish. Therefore, we have compiled all important information in one place for you below.
License agreement
The license agreement as a common contractual basis
The license agreement with Skyfish is the contractual basis between the licensee (you) and Skyfish and already regulates important aspects regarding the handling of personal data.
It defines the terms of use, restrictions and your obligations as a licensee. It also contains provisions regarding confidentiality, warranty, liability and termination of the contract.
The contract guarantees compliance with data protection guidelines and stipulates that personal data is processed lawfully, for a specific purpose, and transparently.
Data Processing Agreement
Secure data processing: DPA within Skyfish
The DPA (Data Processing Agreement) is a legal obligation between you as data controller and us as data processor. It enables us to process your data on your behalf.
It is included as an annex to the license agreement and covers data protection and specific terms and conditions for the use of Skyfish in accordance with GDPR Article 28.
It also governs the transfer of data to third countries and contains measures for the confidentiality and security of your data.
In the event of a personal data breach, we will notify customers immediately. In addition, upon completion of services, all data will be deleted or returned to ensure data protection. Our highest priority is to protect the security and confidentiality of data.
ISAE 3000
ISAE 3000 Certification: How Skyfish Processes Data
ISAE 3000 is an independent, internationally recognized standard for auditing organizations that process personal data on behalf of others.
Skyfish undergoes this audit with the well-known auditing firm PricewaterhouseCoopers (PwC).
The annual audit confirms Skyfish’s careful and privacy-compliant handling of customer data.
Meeting the ISAE 3000 requirements is a seal of approval for confidential customer data handling and compliance with the GDPR.
Transfer Impact Assessment
TIA - Privacy and Security for International Data Transfers
The Transfer Impact Assessment (TIA) evaluates the risk of transferring personal data to third countries and examines the extent to which data protection regulations are complied with and the rights of data subjects are protected in the process.
While the EU Commission has determined that there is an adequate level of data protection in the U.S. and some companies, including AWS, are certified, we still remain vigilant and continually update our assessment to ensure your data is in the right hands.
That’s why we conduct the TIA on a regular basis. This involves analyzing a variety of factors: privacy laws in the U.S., the security measures of the recipient of your data, and the potential impact on your privacy.
Through this assessment, we ensure that the transfer of your data is lawful and secure.
Our commitment to privacy and security and our use of best-in-class IT services result in a low risk assessment for your data. We want you to feel safe and secure, so we also provide up-to-date reports that demonstrate our efforts.
FAQ - Frequently Asked Questions
How can I sign a license agreement with Skyfish?
To sign a license agreement with Skyfish, you can contact our team or visit the website for more information.
What personal data does Skyfish collect?
Skyfish only collects the data needed to fulfill the contract, such as name and email address.
If photos of people such as employees are uploaded, this is the only personal data that Skyfish stores.
How can I be sure that my data is protected at Skyfish?
Skyfish is committed to privacy and security. Compliance with ISAE 3000 standards and regular Transfer Impact Assessments (TIA) ensure adequate protection of your data.
What is the difference between the License Agreement and the DPA?
The License Agreement governs the general terms of use and privacy policies, while the DPA sets forth the specific terms under which Skyfish processes your data on your behalf.
What rights do I have regarding my personal data at Skyfish?
As a user, you have the right to access, rectify, delete and restrict your data. You may also withdraw your consent to processing and receive your data in a structured format.
How long will Skyfish store my data?
Skyfish stores your data only for the period necessary to fulfill the contract or legal requirements. After termination of the services, your data will be deleted or returned.
What happens if a data breach occurs?
In the event of a data breach, Skyfish will notify customers as required by law and take steps to ensure the security of the data and prevent such incidents in the future.
Who has access to my data at Skyfish?
Only you and your authorized users have access to your data at Skyfish.
Are there any rules regarding the transfer of my data to third countries?
Yes, the license agreement and the DPA regulate the conditions for the transfer of your data to third countries and ensure that the data protection regulations are complied with.
