Privacy and Security Hub
The use of snapADDY software is safe in terms of data protection and the General Data Protection Regulation (GDPR). This applies as long as the processes in your company are well regulated and the necessary framework conditions – such as the conclusion of an Order Processing Agreement with snapADDY – have been adhered to.
Thanks to snapADDY's solutions, your company's staff record or enrich contact data with accessible information to them (such as business cards, email signatures) or public sources (such as websites, Google Maps, business networks), creating new contacts, updating, or completing existing contacts in your CRM system.
snapADDY solutions process personal contact data that would be available to your company's staff (in unstructured form) even without using the snapADDY software. For example, data from sources that are only accessible to your company (e.g., business cards, email inboxes) as well as public data sources (e.g., legal notice pages, business networks).
The snapADDY solutions facilitate and partially automatize the recording of contact data from such sources for your staff. snapADDY does not use any internal database of contact data beyond the external sources mentioned above for enriching or adding contact information.
Data sources and related uses:
- Email signatures
- Websites & legal notices
- Google Maps
- Business cards
- Business networks
The data storage and business logic of our software solutions are performed at Amazon Web Services (AWS) in Frankfurt am Main, Germany. Consequently, personal data processing takes place exclusively in the EU or Germany and such data will always remain within the European Union. We have concluded all contracts required for the GDPR with AWS as a subcontractor; furthermore, our hosting provider is ISO-certified.
No, your customer data and the contacts you record will not be shared with other companies or used to create a contact database. All contact data you record is accessible only to your company.
In general, contacts captured by our customers are not stored long-term in snapADDY solutions but are exported to a CRM system (or Excel, etc.) after being processed. Once the data has been deleted from the snapADDY software, it is permanently deleted from our systems after the backup deadlines expire.
As an administrator, you can set in the snapADDY software that all recorded data is automatically deleted after being exported.
Besides the Order Processing Agreement, there are technical and organisational measures (TOMs) to ensure data security. These measures meet the standards required by the GDPR.
You can download an overview of our TOMs here:
We use the cloud hosting provider Amazon Web Services (AWS) as a subcontractor for deploying our products and Google's Cloud Vision service for the text recognition (OCR) of business cards.
You can find a full list of subcontractors in our Order Processing Agreement:
Order Processing Agreement
The use of snapADDY software does not change your current procedures and requirements for creating new contacts or leads in your CRM or other systems. Only the previously manual creation of a new contact will be partially automated.
Of course, your staff and CRM users must comply with applicable law when using the software and, if necessary, obtain the consent of the individuals being processed.
For example, if there is a current business opportunity and your staff creates a lead in the CRM system for legitimate interest, then snapADDY only automatizes this manual step. If your staff store any contact data in the CRM without the consent of the concerned person, this action would not be GDPR compliant, regardless of whether snapADDY software is used or not.
By generating updated suggestions for contacts based on sources available to you or public sources (business cards, email signatures, business networks), the principles of the GDPR (e.g., the principle of accuracy of stored data) are also positively applied.
Since snapADDY solutions process personal data, you must conclude an Order Processing Agreement with snapADDY according to Art. 28 of the GDPR.
All important rights and obligations for you as a client and us as a contractor are specified in this agreement. Please use our sample agreement for this purpose, sign it and send it back to firstname.lastname@example.org.
Individual Order Processing Agreement
It is also possible to fill in and sign a customized order processing form that you have created. However, we will have to charge you for the cost of legal review of your documents.
The decision of the Court of Justice of the European Union on the Privacy Shield ("Schrems II") is related to our hosting provider AWS. We process all customer data exclusively in the AWS data centers in Frankfurt am Main; this data will always remain within the EU. Additionally, we signed a GDPR Data Processing Addendum with AWS, containing the Standard Contractual Clauses. This addendum ensures that even if data is transferred outside the EU, it will be treated by AWS to the same high standards of security and data protection that it would be in the EU. This mechanism has been validated by the Court of Justice of the European Union.
For more information, please consult the related AWS page:
snapADDY's solutions do not create a copy of the data in your CRM system but are based on bidirectional interfaces that retrieve the information required for the respective action directly from your CRM system. For example, this includes the automatic duplicate check that searches in real-time for possible duplicates of a contact in your CRM system.
We assigned Dr. Christian Borchers as external data protection representative from datenschutz süd GmbH. This is his contact information:
datenschutz süd GmbH
Dr. iur. Christian Borchers