United Signals Subcontractors

Standard Subcontractors

Github, Inc.

Service Name / Type: git repo/project management

Address: 88 Colin P Kelly Jr Street, San Francisco, CA 94107, United States

Purpose of use

Project management: GitHub provides boards, projects, and milestones to simplify organizing and managing projects. These functionalities enable teams planning their work, prioritizing tasks, and monitoring progress.
Git repository: This is a storage place to save all of a project’s files, directories, change histories and configuration details which are managed using the version controll system Git.

Types of Personal Data

Issue management: Issues are used for communication between United Signals and the business client for whom a software solution is implemented and maintained. In this context, GitHub processes client employee data. Also personal data of client’s customers might be processed if entered explicitly by employees of the business client or United Signals to solve specific incidents.

WIIT AG

Service Name / Type: Cloud hosting service

Address: Joachim-Erwin-Platz 3, 40212 Düsseldorf, Germany

Purpose of use

Provision of Cloud Computing Infrastructure: That includes provision of virtual machines, servers as well as data storage and networks enabling clients to run their applications and services in the Cloud.

Types of Personal Data

Log files: United Signals encrypts with own keys hard disks on which personal data are stored by the application. Nevertheless, at some points of the system, fragments of client data may be stored in unstructured form in log files, e.g., email addresses in the log file of the mail server. There are no processes defined which give WIIT access to these log files, neither are there any explicit accesses or back doors available for WIIT employees. To get access to these personal data a WIIT employee would have to access and scan the contents of the hard disk on purpose.

Optional Subcontractors

com

Service Name / Type: Address verification

Address: 210 King St, San Francisco, CA 94107, United States

Purpose of use

Lob’s USPS and global address verification API provide accurate real-time validation and accumulation of postal addresses.

Types of Personal Data

Typically, the following kinds of address data can be processed:

Street name and house number
ZIP code
Information about city and country
Additional address data, e.g., appartment number, store number etc.

Functional Software, Inc. (sentry.io)

Service Name / Type: Error tracking

Address: 45 Fremont Street, 8th Floor, San Francisco, CA 94105, United States

Purpose of use

Supports finding, analyzing, and fixing errors and issues in applications and software products. Sentry.io logs and processes technical information about errors, crashes and exceptions that occur in our applications which provides our developers with valuable insights about the performance and the stability of their software.

Types of Personal Data

Error reports: Sentry.io gets from our system information about occurring errors and exceptions within applications. That includes stack traces, error messages, error causes, run time environments and other technical information that might support with analyzing errors and crashes.
Event data: Besides error reports, Sentry.io can also collect additional information about the context of an error. That includes custom tags, environment variables, request parameters, and other information that can help understanding the errors.
IP addresses: In order to find and analyze potential security threats, Sentry.io can also log IP addresses of users or devices that triggered the error.

IDnow GmbH

Service Name / Type: Remote ident & E-Sign

Address: Auenstrasse 100, 80469 Munich, Germany

Purpose of use

The purpose of use of IDnow is to verify a person’s identity online and guarantee the security of online transactions. To accomplish this, IDnow uses several technologies including video identification, biometric procedures, and machine learning to perfom a reliable and fast identity verification.

Identity verification: IDnow processes personal data to verify users’ identities who want to register for several services or perform transactions online. This is especially important to companies which interact with customers in a digital environment and must guarantee that an identified person is actually the person they claim to be.
Security and fraud prevention: By processing identification data, IDnow supports reducing cases of fraud and strengthen the security of online transactions. The data processing allows for identifying and preventing suspicious activities and anomalous patterns.

Types of Personal Data

Personal data: These include information like given name, family name, date of birth, sex, nationality, number of personal ID card or passport, and postal address. These data are usually used for identifying users and verifying a user’s identity.
Biometric data: IDnow can process biometric data to verify a user’s identity, including fingerprints, facial images, and other biometric characteristics.
Technical information: IDnow can process technical data used in the context of performing identification and authentication, including IP addresses, device details (e.g., device ID, operation system, browser type), location, and time stamp.
Transaction data: If IDnow is involved in performing transactions, transaction data can be processed to trace and validate the transaction.

Twilio Inc.

Service Name / Type: Cloud Communication Platform

Address: 101 Spear Street, San Francisco, CA 94105 United States

Purpose of use

The SMS functionality provided by Twilio is used to send automated or transactional text messages (e.g., verification codes, notifications, tokens) to end users’ mobile phones. It enables secure, reliable, and scalable communication as part of a digital service or application.

Types of Personal Data

Typically, the following kinds of data can be processed:

Phone number
Meta data of the communication (Date, time, status of the message, IP-address)
Optional: Content of the SMS (if personal data is included)

5. inSign GmbH

Name/type of service: E-Sign

Address: Am Bäckeranger 2, 85417 Marzling

Purpose of use:

The purpose of using inSign is to capture electronic signatures in a legally compliant, secure, and efficient manner. inSign enables contracts and other legally relevant documents to be signed digitally, replacing and accelerating paper-based processes. The solution supports various signature levels, including simple, advanced, and qualified electronic signatures, and meets the requirements of the eIDAS Regulation

Digital signature capture: inSign processes personal data to verify the identity of the signatory and create electronic signatures. This ensures the authenticity, integrity, and traceability of the signature and the signed document

Document management and traceability: By processing relevant data, inSign enables legally compliant documentation of the signature process, including time stamps and audit trails

Security and legal compliance: Data processing by inSign serves to comply with legal requirements (e.g., GDPR, eIDAS) and to protect against unauthorized access or misuse in the context of the digital signature process

Types of personal data:

Personal data: This includes first and last name, email address, telephone number (if applicable), and other information required for identification, e.g., ID data for qualified signatures
Signature data: inSign processes the actual signature as an image as well as the associated metadata such as position, pressure curve, speed (for handwritten signatures) or certificate information (for digital signatures)
Technical information: Technical data is processed to carry out and secure the signature processes, e.g., IP address, browser type, operating system, device type, and date and time of the signature process
Log data: inSign creates audit logs that contain details about the signature process, including timestamps, delivery and opening receipts, and status information for each signature action