Technical and organisational measures for data security and data protection

A variety of technical and organisational measures have been put in place to ensure the security of the personal data you provide. These measures may change depending on technical progress and improvements to this website.

Confidentiality

Access control of data processing centres

Storage and processing occur at chosen providers within data centers that ensure high security and availability standards. Data is safeguarded by distributing it across multiple computers in varied locations, with random chunk naming and automatic backups. Moreover, there are rigorous protocols for hard drive management and destruction. The physical premises of the data centers have multiple security layers, including camera surveillance, biometric checks, and a continuous guard presence, alongside security operation centers monitoring potential threats and risks.

Production data cannot be read, copied, altered, or deleted without authorization. The database, cloud infrastructure and all other service providers used are protected with a password and two-step authentication. Only approved users can access the cloud infrastructure (servers) through a secure connection mechanism. Permissions are regularly reviewed. Every access attempt and every successful sign-in to internal systems is logged.

Pseudonymisation

If possible and reasonable for the respective data processing, the primary identification features of the personal data are removed within the respective data application and kept separately.

Encryption

All data is encrypted in transit and at rest (databases, servers, devices and other data carriers) with proven cryptographic mechanisms (AES, TLS, …). All mobile devices (laptops, phones) are encrypted and password protected.

Integrity

Transfer Control

During electronic data transfer or storage, personal data remains protected from unauthorized reading, copying, alteration, or deletion by utilizing measures like encrypted connections and virtual private networks.

Input Control

Measures such as logging are used so that it can be retrospectively verified and determined whether and by whom personal data was entered, altered, or removed from data processing systems.

Procedures for Regular Review, Assessment, and Evaluation

Data Protection Management

A privacy policy that explains in detail how data is managed and protected is accessible to all website visitors and is regularly assessed.

Incident Response Management

When a security incident is identified, the first step is to mitigate the incident, and all required remediation measures are immediately implemented. Users are notified without undue delay if their data is involved in a confirmed incident.

Data Retention

Deletion schedules for both data and associated metadata, like log files, are set following legal requirements.

Privacy-Friendly Preferences

Privacy by design / Privacy by default

Privacy-friendly default settings are in place on the website, and data is pseudonymised whenever reasonably possible.