Declaration on Data Protection

(Pursuant to sections 5, 13 of the German Telemedia Law, TMG, and sections 28, 30 of the German Law on Data Protection, BDSG)

0. Definitionen

EACG                            means EACG GmbH the producer and owner of the ASCAMSO and TrustSource solutions, as well as the EACG Website.

EOS                               means EACG Operations Solutions GmbH the operator of the ASCAMSO and TrustSource solutions

ASCAMSO                     inidicates the SaaS-Solutions which provides SaaS-Analysis and Rating information either collected on behalf of a customer or on private request

TrustSource                    indicates the SaaS-Lösung, which accepts the scan results, analyses and generates reports as well as supports the management process of the Open Source Risk Management and Governance

Scanner                          means the component responsible to transfer the list of identified open source components, to TrustSource. These are mostly open source by themselves.

Account                         Company specific, potentially associated with fees, access to ASCAMSO or TrustSource, that can be used by one or more legitimate persons to access ASCAMSO respectively TrustSource.

I. General

EACG agrees to comply with the existing and applicable legislation of the German and European law on data protection in the design of the platform and the service offer. We are committed to the right to informational self-determination and data protection at the highest possible level as well as to the protection of technical and/or commercial trade secrets. Our protective measures are constantly subject to review and improvement in light of ongoing technological developments in order to protect your personal data processed by EOS against any accidental or intentional manipulation, loss, destruction or access by unauthorized persons (see sections 9, 11 of the German Law on Data Protection, Bundesdatenschutzgesetz – BDSG). We also commit our employees and cooperation partners as well as any other aides to respect the values of secrecy and data protection.

2.1 What is ASCAMSO , and who is responsible for ASCAMSO?

ASCAMSO is a software-as-a-service platform. The trademark ASCAMSO is protected under copyright and trademark law. Responsibility in accordance with data protection laws and service provider in accordance with the German Telemedia Law (TMG) lies with EACG Operations Services GmbH (EOS), Taunustor 1, D-60310 Frankfurt am Main, Telefon +49 69 153 22 77 50, Email eos@eacg.de. EOS also is the processor of data for the ASCAMSO platform.

2.2 What is TrustSource, and who is responsible for TrustSource?

TrustSource is a software-as-a-service platform. The trademark TrustSource is protected under copyright and trademark law. Responsibility in accordance with data protection laws and service provider in accordance with the German Telemedia Law (TMG) lies with EACG Operations Services GmbH (EOS), Taunustor 1, D-60310 Frankfurt am Main, Telefon +49 69 153 22 77 50, Email support@trustsource.io. EOS also is the processor of data for the TrustSource platform https://app.trustsource.io.

3. Which personal data of our customers do we collect and use?

We collect and use customer data for fulfilling contracts and processing payments, as well as data for mandatory inspections upon purchase on account and other transactions subject to VAT.

4. Which information is compiled, processed, stored and/or transferred, and how?

The information you provide with the order and for managing your account will be stored and processed by us. In particular, this includes the information you enter on our website (for instance upon registration with the platform of TrustSource or the websites EACG or ASCAMSO, or upon the purchase of a particular license). These are data which are required for the conclusion, content-related design or modification of your contract (inventory data). We will use these data only to fulfil our contract with you. They will be used only for communicating with you and the purpose for which you have provided the data.

In addition you respectively the Scanner you will employ will transfer structural information about your source code composition. This information will be stared into your account and will be visible with access rights to this account only. Each component information transferred can be marked as „public“ or „private“. The components marked as „public“ will reviewed by our analysis services and monitored for known vulnerabilities accordingly. However, all this kind of data will only be accessible and visible to members of your account.

5. How will license information be collected, and what happens with it?

You may use your individual license data pursuant to our General terms and Conditions. In Addition to this the data transferred by your Scanners can be injected into a data pool with other data, be stored, processed and transferred. This will be done only in anonymised form pursuant to section 30 of the German Law on Data Protection, BDSG. TrustSource will hold the exclusive copyright and right of use concerning the structure data transferred to TrustSource in that way and combined in a pool. The data will be transferred exclusively for business purposes of TrustSource and EOS or EACG, as well as for research purposes. Anonymization prevents any tracing and/or personal association of your personal data.

 6. How safe is it to communicate with us?

In order to protect your data, data stored by us can be accessed only via an encrypted connection; in addition, a firewall guarantees the highest possible level of protection for your data. Registration via our website, as well as the use of the TrustSource platform or ASCAMSO solutions, is made exclusively in encrypted form via a SSL/ TSL (Secure Sockets Layer/ Transport Layer Security) connection.

7. Which data will be stored, either in the long term or temporarily, when you visit our website or access us from the internet?

Upon each user access to our webpages, data on this process will be temporarily stored and processed in a log file. The following data will be compiled and stored until they are automatically deleted:

  • IP address of the retrieving computer;
  • Date and time of access;
  • Name and URL of the page retrieved;
  • Notice on whether the retrieval was successful;
  • Identification data of the browser and operating system used;
  • Website from which access was made;
  • Name of your internet access provider.

The storage of data takes place due to a specific purpose. The processing of data is carried out for the purpose of enabling use of the website (establishing a connection) and, in addition to this, serves the security of the system, the technical administration of the network infrastructure as well as the optimization of the online services. The data will be evaluated for statistical purposes only, used to improve our services and then subsequently deleted. Information on the address can, as a general rule, be analyzed only upon attacks of the network infrastructure of TrustSource, EOS or EACG.

Furthermore the tracking data (session/ip, pages) are transferred to Google-Analytics and Leadfeeder services for the analysis of your behaviour on our site to allow optimisation and improvement our offering. We will use such data solely for our own acquisition purposes.

Except in the cases stated in the Declaration on Data Protection, personal data will not be processed unless you explicitly consent to more extensive or further processing.

8. In which cases must or may we transfer your data to third parties?

Where necessary, the data and information stored by us may be used and disclosed to third parties pursuant to the applicable law upon a court order, a legally valid request by an investigative authority or for evidentiary purposes (for instance, upon breach of our General Terms and Conditions).

9. Where can I find information on the data stored?

Of course, we provide registered customers information on the data stored by us about them. Please direct your request to eos@eacg.de or in case of Trustsource to the TrustSource Support using the “help”-function inside the application.

Any questions remaining?

Do not hesitate contacting us!