Back to FAQ

What technical and organizational measures do you take to protect data?

We adhere to the following technical and organizational measures for data protection under Art. 32 GDPR:

Electronic access control
  • ✓ Assignment of user rights
  • ✓ Password assignment
  • ✓ Authentication with user name / password
  • ✓ Create user profiles
  • ✓ Assignment of user profiles to IT systems
  • ✓ Use of VPN technology
  • ✓ Encryption of mobile data carriers
  • ✓ Encryption of data carriers in laptops/notebooks
  • ✓ Use of a software firewall
Access level control
  • ✓ Create an authorization concept
  • ✓ Number of administrators reduced to “essential only”
  • ✓ Encryption of data carriers
  • ✓ Administration of rights by system administrator ✓ Password policy, including password length, password change
Relay control
  • ✓ Facilities of leased lines or VPN tunnels
  • ✓ E-mail encryption
Input control
  • ✓ Traceability of input, modification and deletion of data by individual user names (not user groups)
  • ✓ Assignment of rights to input, change and deletion of data based on an authorization concept
Order control
  • ✓ Selection of the contractor with due diligence (especially regarding data security)
  • ✓ Written instructions to the contractor (e.g., by order processing contract)
  • ✓ Obligation of contractor employees regarding data confidentiality
Availability control
  • ✓ Create a backup & recovery concept
Separation control
  • ✓ Defining database rights
  • ✓ Separation of productive and test system

Update: Our terms and privacy policy are also compliant with the GDPR regulations that came into effect on May 25, 2018. The new regulations stipulate that if a company handles any data of private persons, and stores that data on someone else’s computer (i.e., a sub-processor, such as google drive, github, or backhub), the company must ensure that all sub-processors are GDPR-compliant by signing a Data Processing Agreement (DPA). We now provide a DPA that customers can download and sign.