CANDIS is a so-called SaaS ("Software as a Service"). I.e. the (cloud) software we provide to our users at app.candis.io consists of individual "areas" (data matching, payment, export...) that are collectively understood as a service. To provide this service to our customers we use subcontractors (e.g. for server hosting, connection of your payment accounts, database storage...).

Since we as a software producer are dependent on subcontractors for practical reasons and we cannot obtain prior written consent from each of our customers, this consent is given by you as a lump sum via the order processing agreement (cf. DPA).

Of course, we oblige our subcontractors to comply with the same data protection obligations that arise from the order processing relationship between us (Candis GmbH) and you. This means that our subcontractors are themselves order processors vis-à-vis us, and Candis GmbH is thus exclusively responsible vis-à-vis you.

You can find a current list of our subcontractors in the DPA under point 7.3.

Did this answer your question?