Data Protection Management. Description of existent or taken measures by processor:
Data Protection Management. Documented security concept ● external data protection officer ● minimum annual review of the effectiveness of the technical protection measures ● training of employees with regard to the confidentiality of personal data ● commitment of employees to data secrecy ● data protection impact assessment is conducted on a regular basis
Data Protection Management. HWD operates a data protection management system. To this end, HWD has appointed a data protec- tion officer, who maintains the data protection management system and reports directly to the manage- ment. Within the scope of the data protection management system HWD logs all procedures and ac- tions that involve the processing of personal data in internal company procedure directories. Likewise, HWD operates an ISMS according to ISO-27001 on the basis of IT-Grundschutz and has been certified by the (German) Federal Office for Information Security (BSI) according to this standard. The certificate is re-assessed on an annual basis, and every three years a new application has to be submitted and a full audit performed. Technical organizational measures are audited on an annual basis, also within the annual certificate surveillance audit. Within the framework of the data protection management system, HWD makes data protection impact assessments, if the need is identified. Additionally, HWD ensures, that all staff commit to compliance with confidentiality and data protection laws in writings, and renew their commitment annually. Likewise, a periodic awareness-raising and training process of all staff has been established.
Data Protection Management. The Contractor's employees are regularly informed about the requirements of data protection. All of the Contractor's employees commit to data secrecy and agree to maintain confidentiality. This is documented in a docket. A data protection officer has been appointed who is involved with all questions concerning the protection of personal data. The data protection officer monitors compliance with the requirements of data protection and is supported by data protection coordinators.
Data Protection Management. Technical measures Organizational measures Employees are GDPR trained with annual follow- up on trainings. The organization responds to the information and pursuant to Art. 13 and 14 GDPR Annual penetration testing to ensure the data protection principles in place are intact.
Data Protection Management. Measures to plan and organize data protection requirements. We run a security briefing as part of our onboarding process for every new employee that joins Perdoo. Our internal HR tool enforces the completion of this step, so we can be sure it will not be skipped. We review our data protection processes and TOMs twice a year, together with our Data Protection Officer. In addition, our product and engineering teams are in close contact with our Data Protection Officer and consult him/her whenever changes are made to Perdoo that could have an impact on our data processing.
Data Protection Management. ● The Processor has implemented a data protection management system which is based on the structure of the ISO/IEC 27001/ISO/IEC 27701 standard. ● Accordingly, implemented technical and organizational measures are regularly reviewed for effectiveness as part of internal controls and developed further if necessary.
Data Protection Management. 15.1 Appointed Data Protection Officer Mr. Xxxx Sneftrup Xxxxxxxx C/O FastTrack Software Aps Novi Science Park Niels Xxxxxx Xxx 00 0000 Xxxxxxx Xxxxxxx
15.2 Data Protection Officer contact: Please use the contact form at xxx.xxxxxxxxxxxxxx.xxx for initial contact.
1.1 This Agreement and the instructions associated therewith cover all types of personal data processed by the Data Processor. Such data includes the following:
1.2 Data without personal information:
1.2.1 Administrator session data: Computer name, duration, installed and uninstalled software, UAC elevated programs and reason for administrator need
1.2.2 Inventory data (can be disabled): Basic hardware data, operating system, user and computer domain and OU, installed software, local administrator accounts, computer and user groups and current IP address
1.3 Data with personal information that cannot be disabled:
1.3.1 Portal user (administrator) name, email address and phone number (phone number mandatory only with two factor authentication)
1.4 Data with personal information that can be disabled:
1.4.1 Administrator session data: User’s account name, full name, email address and phone number
1.4.2 Inventory data: Current user’s email address, phone number, current account name
1.1 Sub−processors used to provision the service:
1.1.1 Microsoft Azure is used to provision the infrastructure required to run the principal service. Microsoft Azure has several datacenters around the world, such as Central US, Canada, Europe and Asia. The Data Processor only uses datacenters located within the continent of where the processing takes place. In addition to the data processing agreement mentioned in section 7.7 the Data Processor have executed an Additional Safeguards Addendum to Standard Contractual Clauses with Microsoft Azure. Microsoft Support is not allowed to access data in the European Union from outside the European Union.
1.1.2 OPSWAT MetaDefender is used for malware scanning program files. If this feature is disabled by the Data Controller, this sub−processor is not used. The Data Processor’s usages of OPSWAT MetaDefender does not require processing of personal data.
1. Confidentiality (Article 32 Paragraph 1 Point b GDPR)
1.1 Physical Access Control (No unauthorized access to Data Processing Facilities): Entry into facilities is granted only by documented and supervised handling of keys and rfid access cards. On access to the building, an rfid key card must be used. Furthermore, all office rooms...
Data Protection Management. Objective: Demonstrable compliance with data protection and data protection regulations Existing / implemented measures: • Privacy trainings • Data protection obligation for employees • Data protection guidelines for visitors and external partners • Certificates of conduct of the employees without entries, annual update • Involvement of the internal data protection officer • Reporting process in case of data breaches • Order data agreement • IT terms of use and security policy • Compliance hotline
Data Protection Management. Appointment of a company data protection officer • Commitment to data protection compliance in accordance with the GDPR • Informing employees on the topics of data protection and data security through training and written explanations (appendix to the declaration of commitment) • Conducting classroom training and e-learning (e.g., upon hiring) on data protection topics • Conclusion of contracts for commissioned processing in accordance with Art. 28 DSGVO • Passing on obligations from the written contract for commissioned processing to subcontractors • Guidelines and checklists for commissioning service providers • Control of the technical and organizational measures taken by the contractor • Informing the client in the event of errors/irregularities in data processing • Explanations and guidelines on data protection topics and requirements from the GDPR (e.g., dealing with data subject inquiries / procedure in the event of a "data breach," etc.).Bestellung eines betrieblichen Datenschutzbeauftragten
