Pseudonymisation. Personal data is processed in such a way that the data can no longer be assigned to a specific data subject without additional information being provided, given that such additional information is kept separately and is subject to appropriate technical and organisational measures. • Definition of the pseudonymisation rule, possibly based on personnel, customer or patient identification numbers (use of UUID v4) • Authorisation: Determination of persons authorised to manage the pseudonymisation process, carry out pseudonymisation and, if necessary, de-pseudonymisation • Random generation of assignment tables or secret parameters used in an algorithmic pseudonymisation • Protection of assignment tables or secret parameters, both against unauthorised access and against unauthorised use • Separation of data to be pseudonymised into identifying information to be replaced and further information
Pseudonymisation. Every processing operation is to be assessed as to whether its purpose can also be realised without direct personal reference. If this is the case, the processing of personal data is to be performed in a manner such that these data can no longer be associated to a specific data subject without reference to additional information. This additional information is to be stored separately and is itself subject to technical and organisational measures intended to ensure that the personal data cannot be associated to an identified or identifiable natural person.
Pseudonymisation. Aliaxis Deutschland GmbH observes the principle of data minimisation. If there is no specific purpose for processing a personal data record, the data record is pseudonymised.
Pseudonymisation. As far as possible, the data will be processed in such a way that it can no longer be assigned to a natural person without the use of additional information. The collection of IP addresses is avoided in system administration and any recorded IP addresses are made anonymous via shortening. Possibility of anonymisation / pseudonymisation by the client
Pseudonymisation. If the Personal Data is used for evaluation purposes which can also be fulfilled with pseudonymised data, then pseudonymisation techniques will be used. For each data field, it will be pre-defined whether pseudonymisation needs to be used or not, in order to avoid it being traced back to a particular person. The pseudonymisation key will be stored in a data safe, in order to restrict access as far as possible.
Pseudonymisation. Pseudonymisation is not currently applied. The application of pseudonymisation procedures is the responsibility of the client.
Pseudonymisation. Assessments must be pseudonymised if the personal reference to the result is not absolutely neces- sary.
Pseudonymisation. If possible, replacing personally identifiable information fields within a data record by one or more artificial identifiers. Data Classification: regarding legal responsibilities or self-evaluation (confidential, intern, public) Output control: No unauthorised reading, copying, altering during data transportation, electronical and physical, as: Encryption, Virtual Private Networks (VPN), electronic signature Input control: No unauthorised inputting, altering or deleting data, as: protocolling, document management Availability control: Protection against accidental or unlawful destruction or accidental loss, as: backup-strategies (online/offline. on-site/off-site), failsafe power supply, virus protection, firewalls, emergency plans, security checks on infrastructure and application level, multi-level backup-plan with encrypted storage of the backup in another datacentre, Workflow with new, leaving employees. Deletion Dates: For data and metadata as Logfiles. Data protect management including employee training Incident-Response-Management. Data protection friendly default settings Processor control: No data processing according to Art 28 GDPR without instructions of the controller, as: agreements, formalised processing management, strict engagement with other processors (ISO-certifications, ISMS), regular controls
Pseudonymisation. Measures to process personal data in a manner to ensure that the personal data can no longer be assigned to a specific data subject without reference to additional information if this addi- tional information is separately preserved and is subject to technical and organisational measures.
Pseudonymisation. Measures which reduce the direct reference to persons during processing in such a way that an assignment to a specific data subject is only possible with the use of additional information. The additional information must be kept separate from the pseudonym by suitable technical and organisational measures. Description of the pseudonymization process: · Security relevant information such as access data and bank data is encrypted. Master data of persons is not stored encrypted in the database. · HmacSHA256 and a Salt.