Data Transfer Control. The transmission of personal or other confidential data occurs with transport encryption or higher. HWD has an internal policy concerning the use of cryptographic methods, with clear definitions about which cryptographic methods are permissible in which constellation and with which technical specifications. HWD thereby follows the guidelines of the German Federal Office for Information Security (BSI), as well as those of the US National Institute of Standards and Technology (NIST). Furthermore, HWD recommends the use of file-based encryption for the customer communication, whe- never personal data is transferred. This way, even the temporary storage of data on HWD or the custo- mer side is secured. This method requires, however, that the customer has the technical capacity to receive or transmit such an encrypted file. Insofar as HWD identifies this possibility with the customer, HWD will use such a method of file-based encryption, in coordination with the customer. HWD follows a standard process for the storage, deletion, and physical destruction of data media. The data media, their safe storage location, as well as their consecutive return, deletion, or destruction, are logged accordingly. The destruction security level is H-4 according to the DIN standard 66399-2. The shipping of personal data follows the strict conditions and safeguards provided for by law. Mobile data media with personal data are only stored in secured premises, and, if not in use, in a safe. Data which are no longer required for the provisioning of an order, e.g., blocked data, are stored in a sepa- rate, access-protected storage area. The repair and disposal of data media or hardware occur only by appropriately liable and certified companies. The same holds true for the disposal of data on paper.
Data Transfer Control. No unauthorised Reading, Copying, Changes or Deletions of Data with electronic transfer or transport, e.g.: Encryption, Virtual Private Networks (VPN), electronic signature;
Data Transfer Control. Measures to ensure that personal data cannot be read, copied, changed or deleted by unauthorized persons during electronic transfer, transport and saving to carrier media and to allow checking and tracing to which places or bodies the transfer of personal data by data transfer devices is intended.
Data Transfer Control. The Data Processor shall take, among others, the following technical and organizational measures in order to ensure that personal data cannot be read, copied, altered or removed by unauthorized persons under their electronic transmission or during their transport or recording on data carriers and to guarantee that it is possible to examine and establish where personal data are or have had to be transmitted by data transmission equipment: 🗌 Remote access (including during remote maintenance or service procedures) to the IT systems only via VPN tunnels or other state-of-the-art secure, encrypted connections 🗌 Use of e-mail encryption 🗌 Data transferred by the Data Processor is transported and saved in encrypted form. The relevant areas of the data carriers are encrypted using data and hard drive encryption software 🗌 Data storage devices and paper documents are locked away when not in use (clean desk policy) 🗌 Physical transports are only performed with locked containers and/or guarded vehicles Use of document shredders Secure destruction processes in place to industry standards utilising specialised 3rd party with disposal certificates produced The secure transfer modes and encryption methods are regularly updated and kept state-of-the- art (e.g., according to the recommendations in the data protection manual issued by the BSI (Federal Office for Information Security)) 3rd party secure off-site tape storage utilised Secure communication session established via HTTPS and SFTP protocols across all applications / services Encrypted certificates utilised for authentication between the web client and the web server across all websites Other measures:
Data Transfer Control. Data Sharing and Transfer Data transfer is done remotely and there is a log of all personnel who access it from our Hosting Provider. In addition, data is encrypted enroute in order to avoid a breach during sharing/transfer. The TolaData employees access the server and databases remotely and are required to not take local copies or use data carriers of client data. Furthermore employees are required to use only hardware and software that has been officially released by the company, not to print out any sensitive documents and not to forward information to external IT services. Logging In the Data Centers, all measures are taken to ensure that it can be subsequently verified and established whether and by whom data has been entered, modified or removed in the data processing system (including automatic access login, password policy, analysis of log files for specific events.) Same applies to the TolaData software which automatically logs additions, edits and deletions of data by the user. Same applies to TolaData employees: access to data processing systems is only possible after login, no passing of passwords, password policy is in place on how to proceed if a password becomes known, automatic logging when entering, changing and deleting data.
Data Transfer Control. Aspects of the disclosure of personal data must be controlled: electronic transfer, data transport, transmission control, etc. to prevent loss, alteration or unauthorised disclosure. Measures to transport, transmit and communicate or store data on data media (manual or electronic) and for subsequent checking: All communication channels are encrypted. Only secure protocols, algorithms and key lengths are in place according to best practice recommendations. IP Whitelists are in place to protect the service from third party access.
Data Transfer Control. Aspects of the disclosure of personal data must be controlled: electronic transfer, data transport, transmission control, etc. Measures to transport, transmit and communicate or store data on data media (manual or electronic) and for subsequent checking: • IT Storage Media: In case of recycling, discarding, repairs or service on storage media used for personal data, it is ensured that third parties cannot gain access to data on such media. Such security procedures are conducted either through encryption or by thorough deletion or overwriting to ensure that all previously stored personal data cannot be recovered by using a generally recognized specification (e.g. DOD 5220-22- M).
Data Transfer Control. No unauthorized Reading, Copying, Changes or Deletions of Data with electronic transfer or transport, e.g.: Encryption, Virtual Private Networks (VPN), electronic signature; - Encryption of laptops - Safe transmission of sent data (e.g. SFTP, VPN, TLS, SSL, PGP, S/MIME) - Central management of keys for encrypted systems - Deletion and destruction of data storage media according to DIN 32757 - Secure transport of removable media (for example backup, tapes)
Data Transfer Control a. The Processor shall ensure that Client Data cannot be copied (in particular stored on external data carriers), passed on and/or deleted.
b. If the Processor uses information-processing systems with non-volatile memory (e.g. network printers or scanners), the Processor must ensure that Client Data cannot be stored by these systems beyond the scope required directly for the performance of the contract. The Processor shall take technical measures to ensure that third parties (in particular external service providers who may be contracted to maintain the systems) cannot access any Client Data.
Data Transfer Control. The transmission of personal or other confidential data occurs with transport encryption or higher. KYB has an internal policy concerning the use of cryptographic methods, with clear definitions about which cryptogra- phic methods are permissible in which constellation and with which technical specifications. KYB thereby follows the guidelines of the German Xx- xxxxx Office for Information Security (BSI), as well as those of the US National Institute of Standards and Technology (NIST). Furthermore, KYB recommends the use of file-based encryption for the customer communication, whenever personal data is transferred. This way, even the tempo- rary storage of data on KYB or the customer side is se- cured. This method requires, however, that the customer has the technical capacity to receive or transmit such an encrypted file. Insofar as KYB identifies this possibility with the customer, KYB will use such a method of file-ba- sed encryption, in coordination with the customer. KYB follows a standard process for the storage, deletion, and physical destruction of data media. The data media, their safe storage location, as well as their consecutive return, deletion, or destruction, are logged accordingly. The destruction security level is H-4 according to the DIN standard 66399-2. The shipping of personal data follows the strict condi- tions and safeguards provided for by law. Mobile data media with personal data are only stored in secured premises, and, if not in use, in a safe. Data which are no longer required for the provisioning of an order, e.g., blocked data, are stored in a separate, access-protec- xxx storage area. The repair and disposal of data media or hardware occur only by appropriately liable and cer- tified companies. The same holds true for the disposal of data on paper.