Technical and Organizational Measures

The contractor takes the following technical and organizational measures for data security within the meaning of Art. 32 GDPR.

1. Psycho-anonymization and encryption

  • Https encryption in web communication
  • Pseudonymization before permissible statistical evaluation

2. Ability to ensure the confidentiality, integrity, availability and resilience of the systems and services in connection with the processing in the long term

  • Access to systems only with individual user names and passwords
  • Authorized persons can only access data that is authorized for them
  • Personally stored data can only be read, copied, changed or removed within the framework of the concept
  • current virus software
  • Protection of email traffic
  • Firewall
  • Separation of the productive, test and development environment
  • Resilience through scalability
  • Employees' obligation to maintain data secrecy
  • Training of employees
  • Password allocation policy
  • Password Policy
  • Authorization control
  • Access logs
  • No access for unauthorized persons
  • Access controlled by employees during business hours
  • Each office with a PC system can be individually locked
  • Secure deletion of data carriers
  • Prohibition of the use of private data carriers
  • Central rights and allocation management for workplaces
  • Regulations for home workplaces
  • Fire extinguishers and smoke alarms
  • Data center:

3. Ability to quickly restore the availability and access to personal data in the event of a physical or technical incident

  • Data backup and mirroring
  • Backups
  • special physical protection of the data in the data center

4. Procedure for the regular review, assessment and evaluation of the effectiveness of the technical and organizational measures of the processing

  • Regular examination of the necessity of access rights
  • Keys and access rights allocation control
  • Test reports

Published under:
Technical and organizational measures of the contractor