§ 1. Technical and organisational security measures According to § 11 Paragraph 2 Sentence 2 No. 3 BDSG in conjunction with § 9 BDSG and Art. 32 DSGVO, the contracting parties are obliged to define the technical and organisational security measures. | In other words, as a cloud and hosting provider, we are obliged to guarantee the highest level of security for the protection of sensitive, especially personal data. |
---|---|
§ 2. Internal organization of the contractor The contractor shall design its internal organisation in such a way that it meets the special requirements of data protection. Measures shall be taken which are appropriate depending on the type of personal data or categories of data to be protected. | In other words, we will at all times take all measures to ensure the protection of confidential and personal data. |
§ 3. Specification of individual measures In detail, the following measures will be determined: | |
Confidentiality (Art. 32 para. 1 lit. b DSGVO) | In other words, to ensure confidentiality, we protect all our servers and data stores from unauthorized physical access by all available means. Our systems and services cannot be used without personal access credentials. No one - not even our employees - has direct access to your data. In principle, we only grant the user rights (temporary rights if necessary) that are absolutely necessary for the work of our employees, and we log every process. Information that we need for our development processes, for example, never contains personal data. We guarantee that export of confidential data is never possible. Should we ever process personal data, we will use algorithmic measures to anonymise this data to such an extent that no natural person can be identified from it. |
Integrity (Art. 32 para. 1 lit. b DSGVO) | In other words, we ensure data integrity by always working with strong encryption and immediately identifying any unwanted changes to data through the use of checksums. We log the creation of new data and the modification of existing data for better traceability. We can therefore recognize "who" has done "what" "at which time". |
Availability and resilience (Art. 32 para. 1 lit. b DSGVO) Availability check: Protection against accidental or deliberate destruction or loss through an online backup strategy (off-site), uninterruptible power supply (UPS), redundant hardware, network disconnections and the use of firewalls, as well as ensuring rapid recovery of services in the event of an error. | In other words, we monitor all our services and do everything in our power to ensure the highest possible availability and security. We back up our own data, but not your data. We regularly rehearse various scenarios to prepare for a major disruption, so that we immediately know what we need to do. |
Procedures for regular review, analysis and evaluation (Art. 32 para. 1 lit. d DSGVO; Art. 25 para. 1 DSGVO) | In other words, we ensure very good data protection at all times and operate in a data protection-friendly manner. We will never process your confidential or personal data without your order. We also ensure that experienced engineers keep operations running 24/7. |