Data protection at Seatti
Seatti is a trademark of Seatti GmbH, a German company (Imprint). We respect and value the protection of personal data, both for our customers and for ourselves, and constantly strive to comply fully with the European GDPR. This document describes our comprehensive program not only to comply with the law, but also to assure every user of Seatti Services that their data is secure. If you have any further questions regarding compliance with the GDPR, data security and data protection rights, please contact us at compliance@seatti.co.
- Services
- Privacy by Design
- Data commission processing
- Privacy Policy Website
Services
We offer a paid service to businesses and other organisations who wish to use our services as an integrated professional tool, which can also be integrated with third-party tools to enhance the user experience for our users. For this, we have a data processing agreement that sets out how we process personal data as a data processor on behalf of a client.
Privacy by Design
At Seatti, we make a point of designing our services so that their implementation itself protects the rights of users in the best possible way. Consequently, our services are built according to the requirements of Privacy by Design (also called data protection by design), which are also laid down in Art. 25 of the European GDPR. This means that appropriate technical and organisational measures to ensure data protection are already taken into account when determining the means of data processing. This is manifested in a set of principles on how we set up our infrastructure and how we collect and process data, which are an integral part of our AV contract as a data processor.
Data minimization
We only store and process as much data as necessary to provide our core functionalities and a great user experience. We actively avoid storing data solely for the purposes of marketing, data accumulation or other purposes that are not related to a smooth experience for our users. Of personal data, only a user ID and email are stored, while any other association data is only added directly to the customer system and is neither stored nor visible in our systems.
Data storage and processing within the EU
To ensure full transparency, familiarity and compliance with regional regulations and the GDPR, we store and process data as often as possible on servers located on the territory of the European Union. As of now, all data processing of personal data takes place on servers of our service provider. See the list of sub-processors for more details.
Security infrastructure
Our infrastructure and internal security boundaries should meet the highest security standards in order to prevent any kind of data breach. This concerns the security policies of our team, e.g. the way we collaborate and communicate sensitive data or how access rights are distributed among team members and their roles, but also the selection of service providers and sub-processors. Our main processor, Azure, is built on the principles of Security by Design and provides a variety of services that we have implemented to ensure data security. These and other security measures are detailed in our Technical and Organizational Measures document, which is also part of our AV contract as a contractor.
Data commission processing
We use an AV contract to maintain all the protections of current legislation. We have also ensured that we have AVs in place with all our sub-processors to ensure full vertical data protection.
The AV contract is concluded and signed individually with each client for whom we act as contractor.
Subcontractors
Below you will find a list of all our subcontractors and the data processing agreements concluded with them. In particular, due to the invalidation of the EU/US Privacy Shield, we try to process all personal data in EU territory. We have also selected servers located exclusively in the EEA for our main infrastructure provider Azure. Even after the invalidation of the Privacy Shield, the standard contractual clauses approved and regulated by the EU offer a level of data protection that complies with the GDPR. These clauses are anchored in Azure's Data Processing Addendum, which can be downloaded below.
Only in exceptional cases, if the provider landscape requires it, do we use providers outside the EU.
Provider name: Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland
- Service for Seatti GmbH: Provision of data center infrastructure, hosting, e-mail dispatch
- Server location: EU (Germany, Ireland and Netherlands)
Provider name: Tableau Salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany
- Service for Seatti GmbH: Data analysis and reporting to optimize internal processes
- Server location: EU
Documents for download