Terms and Conditions

Key Terminologies

  • Access: The provision of rights to use the ParseFlow platform and related Cloud Platforms as defined in the agreement.
  • Affiliate: Any entity that is under direct or indirect control of, or shares control with, a party.
  • API: The application programming interface provided by Devkonic GmbH to facilitate integration and interaction with ParseFlow.
  • Cloud Platform: ParseFlow, the software, tools, and platform developed and maintained by Devkonic GmbH for document processing and related workflows.
  • Company Content: All data, materials, and software components owned or licensed by Devkonic GmbH, excluding customer data.
  • Confidential Information: Non-public information shared between parties, which is marked or reasonably expected to be confidential.
  • Customer: The end-user of the ParseFlow platform and related services, engaged directly with Devkonic GmbH.
  • Customer Data: Information or materials inputted into the ParseFlow platform by or on behalf of the customer.
  • Data Protection Laws: Applicable regulations governing personal data, including the GDPR and related codes or standards.
  • Devkonic GmbH: The legal entity responsible for developing, operating, and maintaining the ParseFlow platform, including all associated tools and services. Devkonic GmbH is headquartered in Schützenweg 17, Bad Heilbrunn, 83670, Germany. Contactable on dev@parseflow.io
  • Free Trial: A limited-duration, no-cost evaluation period for access to the ParseFlow platform.
  • Insolvent: A state where a party is unable to meet its financial obligations or is undergoing formal bankruptcy or liquidation procedures.
  • Intellectual Property Rights: Legal rights protecting creations such as patents, trademarks, copyrights, and trade secrets.
  • Personal Data: Information that identifies or relates to an individual, as defined under applicable data protection laws.
  • Proof of Concept: A preliminary phase allowing the customer to evaluate ParseFlow’s functionality before committing to full access.
  • Subscription Fees: The fees specified in the Subscription Instruction, payable by the customer for the provision of access to ParseFlow.
  • Subscription Instruction: A written or electronic instruction specifying the terms for access provision.
  • System Entry Points: Interfaces or mechanisms (e.g., URLs, user IDs, API keys) that enable the customer to securely connect to and interact with ParseFlow.
  • Term: The duration during which the agreement is in effect.
  • Terms of Use: The agreement governing the provision and use of ParseFlow, including any schedules, appendices, and related documents.
  • URL: The web address through which the customer accesses ParseFlow.

1. Provision of Access

  • 1.1 Access Grant: Devkonic GmbH (“Devkonic GmbH”) shall provide the customer with access to the ParseFlow platform, as specified in the Subscription Instruction, upon receipt of the applicable Subscription Fees.
  • 1.2 Authorized Use: The customer is granted a non-exclusive, non-transferable right to use the ParseFlow platform solely for its internal business purposes during the term.
  • 1.3 Compliance: The customer agrees to comply with these Terms of Use, any applicable policies or guidelines published by Devkonic GmbH, and all relevant laws and regulations.
  • 1.4 System Entry Points: Devkonic GmbH shall provide the necessary System Entry Points (e.g., user IDs, API keys) to enable the customer’s use of ParseFlow. The customer is responsible for maintaining the confidentiality of these methods.
  • 1.5 No Warranties of Uninterrupted Service: Devkonic:
    • (a) Does not warrant that the customer"s use of or access to ParseFlow will be uninterrupted, error-free, or immune from all potential risks or vulnerabilities inherent in digital systems.
    • (b) Is not liable for delays, delivery failures, or any other loss or damage resulting from the transfer of data over communication networks and facilities, including the internet. The customer acknowledges that ParseFlow and its System Entry Points may be subject to limitations, delays, and other issues inherent in such networks.
    • (c) Provides no warranties or assurances as to the fitness for purpose of ParseFlow, System Entry Points, or any Company Content provided through the platform.
  • 1.5.1 Exclusion of Implied Terms: To the fullest extent permitted by law, all conditions, warranties, and terms implied by law, statute, or otherwise are excluded, including but not limited to any implied conditions, warranties, or terms related to satisfactory quality, fitness for a particular purpose, or non-infringement.
  • 1.5.2 Customer Responsibility: The customer is solely responsible for determining whether the ParseFlow platform and its System Entry Points meet their specific needs, expectations, and requirements.

2. Liability

  • 2.1 Unlimited Liability: Nothing in these Terms of Use shall exclude or limit either party’s liability for:
    • (a) death or personal injury caused by negligence;
    • (b) fraud or fraudulent misrepresentation; or
    • (c) any other liability that cannot be limited or excluded by law.
  • 2.2 Exclusion of Indirect Damages: Devkonic GmbH shall not be liable for:
    • (a) loss of profits, revenue, or business opportunities;
    • (b) indirect, special, or consequential losses;
    • (c) damages caused by the customer’s misuse or unauthorized access to ParseFlow.
  • 2.3 Cap on Liability: Devkonic GmbH’s total liability arising out of or in connection with this agreement, whether in contract, tort, or otherwise, shall not exceed the Subscription Fees paid by the customer in the 12 months preceding the event giving rise to the claim.

3. Payment Terms

  • 3.1 Payment Methods: Payments must be made via electronic transfer or other agreed methods. The customer authorizes Devkonic GmbH to process payments using third-party payment processors, where applicable.
  • 3.2 Tax Obligations: All fees are exclusive of VAT or other applicable taxes, which shall be borne by the customer.
  • 3.3 Invoice Payment: Unless otherwise specified, all invoices are payable within 30 days of receipt. Disputes regarding invoices do not absolve the customer from timely payment.
  • 3.4 Late Payments: Late payments may incur interest at the rate of 2% per annum above the European Central Bank base rate, accruing daily. Devkonic GmbH reserves the right to suspend access to ParseFlow until overdue amounts are paid.

4. Customer Responsibilities

  • 4.1 Customer Obligations: The customer is solely responsible for:
    • (a) determining the suitability of ParseFlow for its needs;
    • (b) providing necessary equipment, network, and systems for access;
    • (c) ensuring authorized users are trained to use ParseFlow appropriately.
  • 4.2 Acceptable Use: The customer agrees not to:
    • (a) use ParseFlow for any unlawful or unauthorized purpose;
    • (b) tamper with, reverse-engineer, or copy ParseFlow technology;
    • (c) exceed agreed-upon usage limits or violate Devkonic GmbH"s Acceptable Use Policy.
  • 4.3 Data Accuracy and Ownership: The customer retains ownership of all Customer Data submitted to ParseFlow and is solely responsible for its legality, accuracy, and integrity.
  • 4.4 Security Measures: The customer must take reasonable precautions to prevent unauthorized access to ParseFlow and promptly notify Devkonic GmbH of any security breaches.

5. Free Trial, Subscription Instructions, and Fees

  • 5.1 Free Trial: Devkonic GmbH may offer a free trial of the ParseFlow platform for a period specified at its discretion. The trial is limited to evaluating ParseFlow’s features for potential business use. Free trials may be terminated or extended at Devkonic GmbH’s sole discretion.
  • 5.2 Subscription Instructions: The customer must submit an Subscription Instruction to obtain paid access to ParseFlow. Each Subscription Instruction shall detail the fees, duration, and scope of access and is subject to these Terms of Use.
  • 5.3 Subscription Fees: Subscription Fees are due as specified in the Subscription Instruction. Failure to pay fees on time may result in suspension or termination of access. All fees are non-refundable, except as otherwise agreed in writing.
  • 5.4 Fee Adjustments: Devkonic GmbH reserves the right to adjust Subscription Fees at the end of the term or renewal period, provided at least 60 days notice is given.

6. Confidentiality

  • 6.1 Confidential Information: Each party agrees to treat as confidential all information disclosed by the other party that is marked as confidential or should reasonably be understood to be confidential. This includes but is not limited to business strategies, technical details, customer data, and pricing information.
  • 6.2 Use of Confidential Information: Confidential information may only be used as necessary to fulfill obligations under these Terms of Use. Neither party shall disclose such information to third parties without prior written consent, except as required by law.
  • 6.3 Exclusions: The confidentiality obligations do not apply to information that:
    • (a) is publicly available at the time of disclosure or becomes publicly available without breach of these terms;
    • (b) was already known to the receiving party before disclosure;
    • (c) is lawfully disclosed by a third party; or
    • (d) must be disclosed under legal or regulatory requirements.
  • 6.4 Return of Confidential Information: Upon termination of this agreement, each party must return or destroy all confidential information received, except as required to comply with legal or regulatory obligations.

7. Limitations of Liability

  • 7.1 No Warranty of Uninterrupted Access: The customer acknowledges that access to the ParseFlow platform may occasionally be interrupted or delayed due to factors beyond Devkonic GmbH"s control, such as network or system failures. Devkonic GmbH does not guarantee uninterrupted or error-free access.
  • 7.2 Exclusion of Certain Liabilities:
    • (a) Devkonic GmbH shall not be liable for any delays, delivery failures, or damages resulting from the transfer of data over communications networks and facilities, including the internet.
    • (b) The customer acknowledges that access to ParseFlow is subject to limitations, delays, and other issues inherent in the use of such communications facilities.
  • 7.3 Disclaimer of Fitness for Purpose: Devkonic GmbH makes no warranties or assurances that the ParseFlow platform will meet the specific needs, expectations, or requirements of the customer. All services are provided "as is," without warranties of merchantability or fitness for a particular purpose.
  • 7.4 Limitation of Implied Warranties: All other conditions, warranties, or terms implied by law are excluded to the fullest extent permitted, including warranties regarding satisfactory quality or fitness for purpose.

8. Customer Obligations

  • 8.1 Cooperation: The customer shall provide Devkonic GmbH with all necessary cooperation, including timely access to information, systems, or personnel, to facilitate the provision of services.
  • 8.2 User Management: The customer is responsible for ensuring that all users accessing the ParseFlow platform comply with these Terms of Use and any applicable policies. Any discovery of unauthorized access or use must be reported immediately to Devkonic GmbH.
  • 8.3 Restricted Activities: The customer shall not:
    • (a) download, copy, or modify any portion of the ParseFlow platform, except as expressly permitted;
    • (b) create derivative works from, mirror, or redistribute ParseFlow without prior written consent;
    • (c) access the platform in a way that could impair its functionality or compromise security.
  • 8.4 Lawful Use: The customer agrees to use ParseFlow solely for lawful purposes and to ensure compliance with applicable laws when processing data.
  • 8.5 Data Security: The customer shall take all reasonable steps to secure its access credentials and protect against unauthorized use. Any breach of security, such as lost or stolen credentials, must be reported to Devkonic GmbH immediately.

9. Intellectual Property

  • 9.1 Ownership of ParseFlow: All intellectual property rights in the ParseFlow platform, associated documentation, and company content are owned exclusively by Devkonic GmbH or its licensors. The customer is granted no ownership rights.
  • 9.2 Ownership of Customer Data: The customer retains all rights and ownership of the data it uploads to the ParseFlow platform.
  • 9.3 Limited License to Customer Data: The customer grants Devkonic GmbH a non-exclusive, royalty-free license to process customer data solely for purposes of providing access, fulfilling contractual obligations, and improving the platform.
  • 9.4 Training Data: Devkonic GmbH may use anonymized and aggregated customer data to enhance platform functionality and performance. Such data shall remain confidential and will not be identifiable to any specific customer.
  • 9.5 Prohibited Use: The customer shall not:
    • (a) claim ownership of any intellectual property rights associated with ParseFlow;
    • (b) attempt to reverse-engineer or decompile the platform.

10. Data Processing and Confidentiality

  • 10.1 Data Protection Compliance: Devkonic GmbH and the customer shall comply with all applicable data protection laws, including GDPR, in processing personal data. Devkonic GmbH will process customer data solely as a data processor acting on the customer’s instructions.
  • 10.2 Mutual Indemnification:
    • (a) The customer shall indemnify Devkonic GmbH against claims, losses, or damages arising from customer data or misuse of ParseFlow.
    • (b) Devkonic GmbH shall indemnify the customer against claims, losses, or damages resulting from third-party allegations of intellectual property infringement due to the use of ParseFlow.

11. Term and Termination

  • 11.1 Term of Agreement: This agreement begins on the effective date specified in the Subscription Instruction and continues for the duration outlined in the Subscription Instruction or Free Trial.
  • 11.2 Automatic Renewal: Unless otherwise specified, the agreement will automatically renew for successive 12-month terms unless either party provides written notice of non-renewal at least 60 days before the end of the current term.
  • 11.3 Termination for Breach: Devkonic GmbH may terminate this agreement or suspend access to ParseFlow if the customer:
    • (a) fails to pay outstanding invoices within 10 days of written notice;
    • (b) violates any provision of these Terms of Use; or
    • (c) engages in persistent breaches of its obligations.
  • 11.4 Termination for Insolvency: Either party may terminate the agreement if the other becomes insolvent, files for bankruptcy, or ceases to operate as a going concern.
  • 11.5 Effect of Termination: Upon termination:
    • (a) all licenses granted under this agreement immediately terminate;
    • (b) the customer must cease all use of ParseFlow and return or destroy any materials provided by Devkonic GmbH;
    • (c) any outstanding fees owed to Devkonic GmbH become immediately due and payable.
  • 11.6 Survival of Terms: Provisions related to confidentiality, intellectual property, liability, and other clauses that by their nature extend beyond termination shall remain in effect.
  • 11.7 No Refunds: Unless otherwise agreed in writing, no refunds shall be provided for any prepaid Subscription Fees, including fees paid for partially unused terms.

12. General Provisions

  • 12.1 Force Majeure: Devkonic GmbH shall not be held liable for any delay or failure in performance caused by circumstances beyond its reasonable control, including but not limited to acts of God, war, government actions, labor disputes, or disruptions in internet service. If such circumstances persist for more than 90 days, either party may terminate the agreement with written notice.
  • 12.2 Waiver: The failure of either party to enforce any provision of these Terms of Use shall not constitute a waiver of future enforcement of that or any other provision.
  • 12.3 Severability: If any provision of these Terms of Use is deemed invalid or unenforceable, the remaining provisions shall remain in full force and effect.
  • 12.4 Assignment: The customer may not assign or transfer its rights or obligations under this agreement without prior written consent from Devkonic GmbH. Devkonic GmbH may assign its rights and obligations to an affiliate or in connection with a merger, acquisition, or sale of assets.
  • 12.5 Independent Contractors: Nothing in this agreement shall create a partnership, joint venture, or agency relationship between the parties. Each party shall act as an independent contractor.
  • 12.6 Publicity and Marketing: Devkonic GmbH may identify the customer as a user of ParseFlow in its marketing materials unless the customer explicitly requests otherwise in writing.
  • 12.7 Entire Agreement: These Terms of Use, along with any referenced documents, constitute the entire agreement between the parties and supersede all prior agreements or understandings related to the subject matter.
  • 12.8 Amendments: Any amendments to these Terms of Use must be agreed upon in writing and signed by authorized representatives of both parties.
  • 12.9 Governing Law and Jurisdiction: This agreement shall be governed by and construed in accordance with the laws of Germany. Any disputes arising from or in connection with this agreement shall be resolved exclusively in the courts of Munich, Germany.
  • 12.10 Notices: All notices under this agreement must be in writing and sent to the official contact address of the receiving party. Notices delivered electronically are deemed effective upon receipt.

Data Protection Agreement

Key Terminologies

  • Approved Country: A country or territory deemed by the European Commission to provide an adequate level of data protection for personal data transfers under GDPR.
  • Customer Affiliates: Refers to the customer and any entities controlled by, controlling, or under common control with the customer within the European Economic Area (EEA) or the United Kingdom.
  • Data Subject Rights Request: A request by or on behalf of an individual to exercise their rights under Data Protection Laws, such as accessing, correcting, deleting, or transferring personal data.
  • Devkonic GmbH Entities: Refers to Devkonic GmbH and any subsidiaries or affiliates involved in providing services.
  • EEA: The European Economic Area, including associated territories such as Switzerland.
  • Personal Data: Information relating to an identified or identifiable individual that is processed under this agreement.
  • Standard Contractual Clauses (SCCs): Legally binding clauses issued by the European Commission or similar mechanisms under GDPR, facilitating international personal data transfers.
  • Sub-Processor: Any third party engaged by Devkonic GmbH to handle or process personal data on its behalf.

1. Data Protection Terms

  • 1.1 Roles of the Parties: The parties acknowledge and agree that:
    • (a) The customer acts as the data controller with respect to Personal Data processed under this agreement.
    • (b) Devkonic GmbH acts as the data processor, processing Personal Data on behalf of the customer, strictly in accordance with the customer’s written instructions and the terms outlined herein.
  • 1.2 Scope of Processing: Devkonic GmbH shall process Personal Data for the following purposes:
    • (a) To provide access to and operate the ParseFlow platform.
    • (b) To perform related support and administrative services as requested by the customer.
    • (c) To improve and enhance the functionality and performance of ParseFlow, subject to anonymization and aggregation where applicable.
  • 1.3 Details of Processing: The processing of Personal Data under this agreement includes:
    • (a) Subject Matter: Use of ParseFlow for document processing and related workflows.
    • (b) Duration: For the term of this agreement or until processing is no longer necessary for its purpose.
    • (c) Nature and Purpose: Data input, storage, transformation, and retrieval to support the customer’s business operations.
    • (d) Types of Personal Data: Data as submitted by the customer, which may include names, addresses, contact details, financial data, and other information necessary for document processing.
    • (e) Categories of Data Subjects: Includes the customer’s employees, clients, or any other individuals whose data is submitted to ParseFlow.
  • 1.4 Customer Responsibilities: The customer shall:
    • (a) Ensure the legality, reliability, and accuracy of all Personal Data submitted to ParseFlow.
    • (b) Obtain any required consents or authorizations for the lawful processing of Personal Data.
    • (c) Provide clear and lawful instructions to Devkonic GmbH regarding the processing activities.
  • 1.5 Devkonic GmbH’s Obligations: Devkonic GmbH shall:
    • (a) Process Personal Data only on documented instructions from the customer.
    • (b) Implement and maintain appropriate technical and organizational measures to protect Personal Data.
    • (c) Ensure that personnel authorized to process Personal Data are bound by confidentiality obligations.
    • (d) Provide assistance to the customer for compliance with Data Protection Laws, including responding to Data Subject Rights Requests, conducting data protection impact assessments, and cooperating with supervisory authorities.
  • 1.6 Security Measures: Devkonic GmbH shall implement industry-standard measures to ensure the confidentiality, integrity, and availability of Personal Data, including:
    • (a) Encryption of data at rest and in transit.
    • (b) Access controls to restrict unauthorized access.
    • (c) Regular audits and vulnerability assessments.
    • (d) Backup and disaster recovery protocols.
  • 1.7 Data Breach Notification: In the event of a data breach affecting Personal Data, Devkonic GmbH shall:
    • (a) Notify the customer without undue delay upon becoming aware of the breach.
    • (b) Provide details of the breach, including its nature, scope, and any measures taken to address it.
    • (c) Assist the customer in fulfilling any legal obligations to notify supervisory authorities or data subjects.
  • 1.8 Sub-Processors:
    • (a) Devkonic GmbH may engage Sub-Processors to assist with its obligations under this agreement.
    • (b) A current list of Sub-Processors shall be made available to the customer upon request.
    • (c) The customer may object to the appointment of a new Sub-Processor within ten (10) days of notification, provided that the objection is based on reasonable grounds relating to data protection.
    • (d) Devkonic GmbH shall ensure that all Sub-Processors are contractually bound to comply with obligations equivalent to those under this agreement.
  • 1.9 International Data Transfers: Devkonic GmbH shall not transfer Personal Data outside the EEA or Approved Countries unless:
    • (a) Such transfers are made in compliance with Standard Contractual Clauses (SCCs) or other approved mechanisms.
    • (b) Adequate safeguards are in place to protect the Personal Data during the transfer.
  • 1.10 Audit Rights:
    • (a) The customer may request information or conduct an audit to verify Devkonic GmbH’s compliance with this agreement, subject to reasonable notice and scope.
    • (b) Devkonic GmbH shall cooperate with such audits and provide all necessary information, provided the customer bears the costs of the audit.
  • 1.11 Assistance with Compliance: Devkonic GmbH shall provide reasonable assistance to the customer in ensuring compliance with its obligations under Data Protection Laws, including:
    • (a) Conducting data protection impact assessments.
    • (b) Responding to requests or inquiries from supervisory authorities.
    • (c) Ensuring timely responses to Data Subject Rights Requests.

2. Sub-Processors and Data Transfers

  • 2.1 Engagement of Sub-Processors:
    • (a) Devkonic GmbH may engage Sub-Processors to assist in providing the ParseFlow platform and related services.
    • (b) Devkonic GmbH shall ensure all Sub-Processors are bound by written agreements imposing obligations equivalent to those in this agreement.
    • (c) A current list of Sub-Processors shall be maintained and made available to the customer upon request.
  • 2.2 Objections to Sub-Processors:
    • (a) The customer may object to the addition of a new Sub-Processor within ten (10) days of being notified, provided the objection is based on reasonable data protection concerns.
    • (b) If the customer’s objection cannot be resolved, the customer may terminate the agreement with respect to the affected services by providing written notice, effective thirty (30) days after receipt.
  • 2.3 Sub-Processor Compliance: Devkonic GmbH shall remain fully liable to the customer for any acts or omissions of Sub-Processors that breach this agreement.

3. Audits

  • 3.1 Customer Audit Rights:
    • (a) The customer may audit Devkonic GmbH’s compliance with this agreement by reviewing documentation or conducting on-site audits, subject to reasonable notice and scope.
    • (b) Audits may be conducted no more than once annually unless required by a supervisory authority or in the event of a data breach.
    • (c) The customer shall bear all costs associated with such audits unless a material breach is identified.
  • 3.2 Provision of Information: Devkonic GmbH shall provide the customer with documentation or certifications upon request to demonstrate compliance with applicable Data Protection Laws.

4. International Data Transfers

  • 4.1 Transfer Mechanisms: Devkonic GmbH shall only transfer Personal Data outside the EEA or Approved Countries if:
    • (a) The transfer complies with Standard Contractual Clauses (SCCs) or another valid transfer mechanism under GDPR.
    • (b) Adequate safeguards are implemented to ensure data protection.
    • (c) The customer has been informed of the transfer and given the opportunity to raise objections, if applicable.
  • 4.2 Evidence of Safeguards: Upon the customer’s request, Devkonic GmbH shall provide evidence of the legal mechanisms in place for international data transfers, including executed SCCs or similar agreements.

5. Access requested by Public Authorities

  • 5.1 Notifications of Requests by Public Authorities:
    • (a) If Devkonic GmbH receives a legally binding request from a public authority for access to or disclosure of Personal Data, it shall:
      • (i) Notify the customer promptly, unless prohibited by law or regulatory order.
      • (ii) Provide the customer with relevant details of the request, including the scope and legal basis, to the extent permissible.
    • (b) Where notification to the customer is restricted, Devkonic GmbH shall use all reasonable efforts to challenge the request, including seeking to lift the prohibition on disclosure to the customer.
    • (c) Devkonic GmbH shall limit the disclosure of Personal Data to the minimum required to comply with the legal request and maintain a record of its actions.

6. Security Measures

  • 6.1 Technical and Organizational Measures: Devkonic GmbH shall implement industry-standard security measures to protect Personal Data, including:
    • (a) Data encryption during storage and transmission.
    • (b) Multi-factor authentication for access to systems containing Personal Data.
    • (c) Regular vulnerability and penetration testing.
    • (d) Continuous monitoring of infrastructure for potential threats.
  • 6.2 Access Control: Access to Personal Data shall be restricted to authorized personnel who require access to fulfill Devkonic GmbH’s obligations under this agreement.
  • 6.3 Data Minimization: Devkonic GmbH shall ensure that only the minimum amount of Personal Data necessary for processing is collected, stored, and used.
  • 6.4 Data Backups and Recovery: Devkonic GmbH shall maintain secure backups and implement disaster recovery protocols to ensure data availability and integrity in the event of a system failure or breach.
  • 6.5 Employee Training: Devkonic GmbH shall ensure that all employees with access to Personal Data receive regular training on data protection and security practices.
  • 6.6 Incident Response Policy: Devkonic GmbH shall maintain an incident response policy to detect, respond to, and mitigate data breaches or security incidents promptly.
  • 6.7 Review and Updates: Devkonic GmbH shall periodically review and update its security measures to address emerging threats and maintain compliance with industry standards.

1. Data Protection and Security Practices

  • 1.1 Policy Updates and Reviews: Devkonic GmbH regularly reviews its security policies and practices to:
    • Align with evolving industry standards and regulatory requirements.
    • Address new or emerging threats.
  • 1.2 Employee Training and Awareness: Devkonic GmbH employees receive regular training on data protection, security policies, and compliance requirements.
  • 1.3 Access Control:
    • (a) Devkonic GmbH restricts access to its processing facilities and systems to authorized personnel only. Measures include:
      • Secure office premises with restricted physical access during and outside business hours.
      • Role-based access control for data systems.
      • Multi-factor authentication for system access.
    • (b) Servers hosting Personal Data are located in secure, ISO-certified data centers with restricted access.
  • 1.4 User and Authorization Management:
    • (a) Access to ParseFlow systems is granted based on the principle of least privilege, ensuring users only have the permissions necessary for their role.
    • (b) User roles and permissions are reviewed regularly to maintain appropriate access levels.
    • (c) Employees undergo identity verification and offboarding protocols to revoke access immediately upon termination.
  • 1.5 Data Minimization: Devkonic GmbH ensures that only the minimum amount of Personal Data necessary for the agreed purposes is collected, processed, or stored.
  • 1.6 Data Storage Control: Devkonic GmbH ensures that all data storage devices:
    • Are encrypted to prevent unauthorized access.
    • Are securely disposed of when no longer in use.
    • Include mechanisms for redundancy to protect against data loss.
  • 1.7 Physical Security: On-premises equipment is housed in secure facilities with restricted access.
  • 1.8 Data Separation: ParseFlow systems are designed to segregate data to ensure that data processed for different customers remains isolated.
  • 1.9 Data Transmission Security: All data transmissions between ParseFlow and its users are secured using:
    • Encrypted communication protocols (e.g., HTTPS, TLS).
    • Monitoring to prevent unauthorized access or interception of data during transfer.
  • 1.10 Data Backup and Recoverability:
    • (a) ParseFlow data is backed up regularly to ensure recoverability in the event of a failure or breach.
    • (b) Backup data is stored in secure, geographically distributed locations to ensure resilience.
    • (c) Devkonic GmbH maintains disaster recovery and business continuity plans to minimize downtime.
  • 1.11 Incident Monitoring and Response:
    • (a) Devkonic GmbH actively monitors its systems for potential threats, breaches, or vulnerabilities.
    • (b) A defined incident response process ensures prompt detection, containment, and mitigation of security events.
    • (c) All incidents are logged and reviewed to enhance future security measures.
  • 1.12 System and Software Maintenance:
    • (a) ParseFlow’s systems undergo regular vulnerability assessments and penetration testing.
    • (b) Security patches and updates are applied promptly to address known vulnerabilities.
    • (c) Only up-to-date and supported software is deployed.
  • 1.13 Data Access Logs and Auditing:
    • (a) All access to Personal Data is logged and monitored to ensure accountability.
    • (b) Logs are regularly reviewed to detect and investigate anomalies or unauthorized activities.
  • 1.14 Third-Party Compliance:
    • (a) Devkonic GmbH ensures that any third-party service providers meet equivalent security standards through thorough vetting and contractual obligations.
    • (b) Third parties processing Personal Data are subject to strict data processing agreements.