Instructions
The agreement must be completed and signed by a person with the authority and mandate to sign data processing agreements for the business in question, as follows:
Here, fill in the details of the Data Controller, i.e. the name, address and organisation number of the organisation, municipality, administration or company.
• Page 8/18, item (4):
Tick the category or categories of test participants you plan to test.
Here the agreement is signed, with the requested details, by a person with the authority and mandate to sign data processing agreements.
The correctly completed and signed document is emailed to xxxx@xxxxxxx.xx.
Data protection at Hogrefe
Responsible handling of sensitive data
Version: 2.1
Hogrefe Psykologiförlaget AB
Xxxxxxxxxx 00 X, 000 00 Xxxxxxxxx Xxxxxxx | Tel. 00-000 000 00
Contents
2. Subject matter, scope, type and purpose of data use, data subjects, duration
0. Xxxxxxxx (p. 10)
0. Xxxxxxx for individual rights (p. 10)
2. Integrity (Art. 32 (1) (b) GDPR) (p. 16)
3. Availability and resilience (Art. 32 (1) (b) GDPR) (p. 16)
4. Process for regularly testing, assessing, evaluating (Art. 32 (1) (d) GDPR; Art. 25 (1) GDPR) (p. 18)
V. Overview of processing activities of the Processor in accordance with Art. 30 (2) GDPR (p. 19)
I. Contact
Hogrefe Psykologiförlaget AB Xxxxxxxxxx 00 X, 000 00 Xxxxxxxxx
Tel: 00-000 000 00
Email: xxxx@xxxxxxx.xx xx.xxxxxxx.xx
If you have any questions about Hogrefe data protection, please contact:
Managing Consultant Data Protection
External Operational Data Protection Officer at Xxxxxxx Xxxxxxxxxxxx 0
D-37085 Göttingen
II. General information about Hogrefe’s data protection
1. Data protection in the Hogrefe Testsystem (online portal)
Data protection comprises three overarching aspects, the observance and implementation of which are essential for the reliable handling of data within the Hogrefe Testsystem (HTS):
1. Protection of personal data against misuse
2. Protection of electronic data against loss or alteration
3. Test protection as protection of tests and principles of evaluation against general disclosure
2. General
In principle, it is not necessary to collect sensitive personal data in the HTS. Only age in years and gender are necessary for the application of the relevant norms in some tests, and these do not in themselves allow identification of an individual. The individual can instead be identified by an individual code (e.g. a number in a separate test taker administration). The documentation of the "result-to-person" assignment can be kept outside the HTS.
For the general use of personal data in the assessment process (entering names, date of birth, address data, etc.), the test user is responsible and must obtain consent for the processing of this personal data and understand the applicable legal framework.
Data on the Hogrefe servers is not deleted automatically; deletion must be carried out or activated by the test user, as the data controller. Under the heading "Evaluate" there is a delete option for individuals; in this case all measurements of the given person are also deleted. In the supervisor login area, an automatic deletion function for individuals and test results can also be activated.
All data is automatically archived in a backup system in order to be able to recover it in the event of a disaster. In order to be able to comply with the statutory obligation to provide evidence, we also recommend that the results be printed and archived on paper or electronically.
3. Protection of personal data from misuse
Hogrefe attaches a particular emphasis on the confidentiality of personal data and compliance with applicable data protection laws and regulations. Personal information stored in the Hogrefe Testsystem will only be processed within the framework of the guidelines listed here.
The connections between the client (online portal administration platform) and the server (hogrefe-xxxxxx.xxx) and between the client (test site) and the server (xxxxxxx-xxxxxx.xxx) are made exclusively via encrypted SSL connections.
Current security procedures have been implemented to ensure the accuracy and security of personal data and to prevent unauthorized access or improper use. These include:
• Using a form-based authentication process
• Transferring data through a TLS-encrypted connection
• Securing the servers with firewall systems
• Limiting the access to the servers to port 443
The administration space (online portal) is secured by its own user management, which ensures that only the data managed by the user is also visible to this user. Hogrefe support staff cannot view personal data without the customer’s consent.
4. EU General Data Protection Regulation (GDPR)
The HTS complies with the data protection requirements of the GDPR. During development of the system, special emphasis continues to be placed on the privacy-friendliness of the product design and on data protection-friendly defaults in order to comply with the principles of "privacy by design" and "privacy by default" (Art. 25 GDPR). As a result, HTS can be used without the collection of personal data.
All HTS-related processing activities and internal processes are documented and regularly reviewed. In order to assist the test user in fulfilling their data protection obligations (as the data controller), the overview of the processing activity in accordance with Article 30 (2) GDPR is presented under Section V.
All employees are regularly trained to comply with GDPR requirements and are obliged to maintain confidentiality.
5. Protection of electronic data against loss or alteration
To protect data from loss, damage, unauthorized access and improper use, the Hogrefe online portal is hosted in a data center featuring redundant data connectivity.
Organizational measures include:
• Complete, seamless 24/7 monitoring of operation and access with continuous documentation
• "Remote hands" available during business/support hours
• Restricted access to authorized personnel to the data center (only via access card and access code)
• Data center with a UPS (uninterruptible power supply) allowing for full operation even in the event of a prolonged power outage.
• Databases continuously backed up to separate hardware
The full list of technical and organizational measures under Article 32 GDPR can be found in the Annex to the agreement under Section II.
6. Test protection
Please note that test protection is also part of data protection. If tests are used for decision-making purposes, test items should not be made public, otherwise results may not be valid. Professional testing procedures are subject to controlled distribution conditions that provide some protection. This also applies to PC-based testing procedures. Wherever possible, you should perform important test administrations under controlled conditions. This includes:
• Identity verification of the individual (particularly when the individual is not personally known to the test user)
• Supervision of the testing process (and in remote locations, if necessary, by a designated trustee to prevent unauthorized aids and communication).
III. Data Processing Agreement
Data protection agreement in accordance with Article 28 GDPR
regarding the provision of IT services
Between
(hereinafter referred to as the Controller)
And
Hogrefe Psykologiförlaget AB Xxxxxxxxxx 00 X
113 30 Stockholm
Xxx.xx. 556711-8202
(hereinafter referred to as the Processor)
Preamble
In accordance with Article 28 of EU General Data Protection Regulation 2016/679 (hereinafter referred to as the GDPR), this agreement specifies the data protection obligations of the parties with respect to the provision of IT services.
It applies to all activities in which employees of the Processor or third parties engaged by the Processor may come into contact with personal data of the Controller.
1. Definitions
The definitions of Article 4 GDPR apply.
2. Subject matter, scope, type and purpose of data use, data subjects, duration
(1) The purpose of this document is to specify the agreement between the Controller and the Processor on the provision of information technology services, which comes into force upon accessing the Hogrefe
(2) The object of this agreement is, in particular, the provision of the following services by the Processor:
• Hosting the HTS online portal and ensuring operability
• Provision of server infrastructure for completion of online testing
• Keeping the test results in PDF format available on the online portal for the duration of the contractual relationship or until the Controller deletes the files
(3) In the context of the provision of the services, the following personal data may be affected:
• Name
• Age
• Gender
• E-mail address (in individual cases)
• Test results and evaluations
(4) Affected by the use of data may be (depending on the Controller's area of responsibility):
• Employees
• Applicants
• Coaches
• Patients
• Other:
(5) The validity of this Annex corresponds with the duration of the main agreement.
(6) The processing of personal data takes place exclusively in the territory of the Federal Republic of Germany, in a Member State of the European Union or in another Contracting State of the Agreement on the European Economic Area. Any transfer to a third country requires the prior documented instructions of the Controller (Art. 28 sec. 3 lit. a GDPR) and may only take place if the special requirements of Art. 44-49 GDPR are met.
3. Responsibilities and authority to issue instructions
(1) The Controller is solely responsible for compliance with data protection laws and regulations, in particular with respect to the lawfulness of disclosure of data to the Processor and the lawfulness of data processing (Article 4 (7) GDPR).
(2) The Processor reserves the right to anonymize or aggregate the personal data, so that it is no longer possible to identify individual data subjects, and in this form to use it for the purpose of designing, developing and optimizing the service agreed in accordance with the main agreement. The parties agree that anonymized or aggregated personal data according to the above conditions will no longer be considered personal data within the meaning of this Agreement.
(3) The Processor shall only process personal data on documented instructions from the Controller, unless required under EU law or the laws of the member state or country to which the Processor is subject. In the event of such an obligation, the Processor shall notify the Controller of the relevant legal requirements prior to processing.
(4) If the Processor believes that an instruction from the Controller violates data protection regulations, he shall immediately inform the Controller in accordance with Article 28 (3) GDPR. Pending confirmation or amendment of the relevant instruction, the Processor is entitled to suspend the execution of the instruction.
4. Data protection officer
The Processor has appointed a data protection officer (DPO). The contact details are: Xxxxx Xxxx
Managing Consultant Data Protection Xxxxxxxxxxxx 0
D-37085 Göttingen
5. Security
(1) The Processor shall take appropriate technical and organizational measures to adequately protect the personal data in accordance with Article 28 (3) GDPR in conjunction with Article 32 (1) GDPR in order to ensure the security of the processing carried out on behalf of the Controller. To this end, the Processor will
• ensure the confidentiality, integrity, availability and resilience of the systems and services associated with processing in the long term;
• ensure the ability to rapidly restore the availability and access to personal data in the event of a physical or technical incident;
• maintain a procedure for the regular review, assessment and evaluation of the effectiveness of technical and organizational measures to ensure the security of processing.
The state of the art, the implementation costs and the nature, scope and purposes of the processing, as well as the different probability and severity of the risk to the rights and freedoms of individuals within the meaning of Article 32(1) GDPR must be taken into account.
(2) The Parties agree on the specific data security measures set out in Section IV of this Agreement, "Technical and Organizational Measures".
(3) Technical and organizational measures shall be subject to technical progress and development. In this respect, the Processor is permitted to implement alternative adequate measures. The level of safety of the measures laid down must not be lowered. Substantial changes must be documented and notified to the Controller in writing.
6. Confidentiality obligation
The Processor shall only use employees who have been obliged to maintain confidentiality in accordance with Article 28 (3) (b) GDPR and who have previously been familiarized with the relevant provisions on data protection in accordance with Article 28 (3) (2) (b) GDPR. The Processor and any individuals under the authority of the Processor who have access to personal data should process such data exclusively in accordance with the instructions of the Controller, including the powers conferred in this Agreement, unless they are legally obliged to process them in another manner.
7. Support for individual rights
(1) The Processor is obliged to support the Controller with appropriate technical and organizational measures in the protection of the rights of the individuals referred to in Articles 12 to 22 GDPR (Article 28 (3) GDPR). In particular, the Processor will assist the Controller in fulfilling requests of individuals for deletion of their personal data in accordance with Article 17 GDPR.
(2) Insofar as individuals may exercise a right to data portability vis-à-vis the Controller, the Processor shall ensure that they can obtain the data they have provided to the Controller in a structured, commonly used and machine-readable format.
(3) The Processor may only correct, delete or restrict the processing of personal data in accordance with documented instructions of the Controller. The Processor may only provide information to third parties or individuals with the prior written consent of the Controller.
(4) Insofar as an individual contacts the Processor directly in order to assert his or her rights under Articles 12 to 22 GDPR, the Processor shall immediately forward the request to the Controller.
8. Support for documentation and reporting obligations
(1) If the Processor becomes aware of a breach of the protection of personal data, he shall immediately notify the Controller in accordance with Article 28 (3) (f) and Article 33 (2) GDPR. The same shall apply if individuals employed by the Processor violate this Agreement.
(2) After consultation with the Controller, the Processor shall immediately take the necessary measures to secure the data and to reduce possible adverse consequences for the parties concerned.
(3) The Processor shall assist the Controller with all the information available in the fulfilment of the information obligations to the competent supervisory authority in accordance with Article 33 GDPR and, if necessary, to those affected by the breach of the protection of personal data in accordance with Article 34 GDPR.
(4) The Processor shall assist the Controller with all the information available in the data protection impact assessment in accordance with Article 35 GDPR and, if necessary, in a prior consultation with the competent supervisory authority in accordance with Article 36 GDPR.
(5) The Processor shall immediately inform the Controller of controls and measures taken by the supervisory authority in so far as they relate to this Agreement.
9. Monitoring rights of the Controller
(1) The Controller is entitled to assess the Processor with regard to the technical and organizational measures taken as well as the compliance with this Agreement and the data protection regulations, either on their own or by another auditor commissioned by the Controller. For this purpose, it can alternatively:
• obtain self-information from the Processor, or
• obtain an existing certificate from an external expert or the company DPO, or
• in the event of reasonable doubt about the documents submitted or an incident relevant to data protection law, after timely notification and by stating the reasons, at normal business hours and without disrupting the operation, the Controller can carry out an audit. The costs associated with such an audit will be borne by the Controller.
(2) The Processor undertakes to provide the Controller with all the information necessary for an assessment.
(3) The Processor is obliged to tolerate assessments by the Controller with regard to compliance with this Agreement and the associated compliance with data protection regulations, in particular by obtaining information requested. The Processor shall provide information on the specific individual case immediately upon request of the Controller and shall provide appropriate evidence of compliance with this Agreement.
10. Use of other processors (subcontractors)
(1) No subcontractors have been engaged at the time of conclusion of the contract. The Controller gives the Processor general permission to involve subcontractors as needed. Ten weeks before the use of a subcontractor, the Processor must inform the Controller. For the purposes of this Agreement subcontractors shall be defined as services which relate directly to the provision of the main service. This does not include ancillary services which the Processor uses, such as telecommunications services, postal/transport services, cleaning, etc.
(2) In individual cases, the Controller has the right to object to the appointment of a subcontractor. The Controller shall exercise the right of opposition only for objective reasons, taking into account reasonable discretion, without undue delay, at the latest within a period of 2 weeks after receipt of the information. The opposition must be given in text form and provide all the reasons which, in the opinion of the Controller, preclude the use of the subcontractor. In the event that the subcontractor's use is necessary to eliminate the risk of a material adverse effect on the interests of another client or individuals, the Processor shall be entitled to provisionally appoint the subcontractor whose use the Controller has been informed of before the expiry of the opposition period. In such cases, the subcontractor's provisional use shall be based on an opposition from the Controller which meets reasonable discretion and the abovementioned requirements in terms of form and justification. Significant impairments within the meaning of the above rules exist, for example, where the involvement of a subcontractor is required for reasons of data security or if, without the subcontractor's use, the Processor would suffer a disproportionate effort or damage.
(3) Subcontractors must be carefully selected, in particular with particular regard to the technical and organizational data protection measures they have taken within the meaning of Article 32 GDPR. They must be checked for compliance with statutory and contractual data protection regulations as well as the agreed technical and organizational protective measures before commissioning and during the term of the contract. The results of this inspection shall be documented and transmitted to the Controller upon request.
(4) Contractual agreements between the Processor and subcontractors shall comply with the confidentiality, data protection and data security requirements of this Agreement. The transfer of personal data to the subcontractor is only permitted if the subcontractor fulfils the obligations under Article 28 GDPR.
(5) Further outsourcing by the subcontractor requires the express consent of the Controller (at least in text form). All contractual provisions in the contract chain must also be imposed on the additional subcontractor.
11. Erasure and release
(1) The Processor will only retain the personal data for as long as instructed by the Controller. In the absence of a specific instruction, the personal data will only be retained before destruction for as long as is necessary for the execution of the processing commissioned under this Agreement.
(2) At the request of the Controller and after termination of this agreement, the Processor will delete all personal data related to this Agreement for processing, as well as any copies thereof within 14 days after the Controller's request and instruction or termination of the order processing, in compliance with relevant data protection regulations.
(4) The Processor shall confirm the erasure to the Controller in writing upon request.
12. Liability
(1) The Controller and the Processor shall be liable in the external relationship in accordance with Article 82 (1) GDPR for material and non-material damage suffered by an individual as a result of a breach of the GDPR. If both the Controller and the Processor are responsible for such damage in accordance with Article 82 (2) GDPR, the parties are liable for such damage in accordance with their share of responsibility in the internal relationship. If an individual in such a case claims damages in whole or in part, the latter may demand exemption or indemnity from the other party, insofar as it corresponds to his share of responsibility.
(2) For the purpose of exemption from liability, the Processor is authorized to disclose details of the instructions of the Controller and the processing of data in accordance with Article 82 (3) GDPR. The Controller is obliged to provide the best possible support to the Processor so that the Processor can exonerate himself vis-à-vis third parties in accordance with Article 82 (3) GDPR.
(3) Any reductions in liability in the relationship between the Controller and the individual also work in favor of the Processor, so that any claim for reimbursement against the Processor is reduced by the proportion that the Controller saves due to the reduction in liability in the external relationship.
(4) The Controller undertakes to indemnify the Processor from any fines imposed on the Processor to the extent that the Controller bears part of the responsibility for the infringement sanctioned by the fine.
13. Other provisions
(1) In the event of a conflict between any other contract and this Agreement, this Agreement shall take precedence with respect to the processing of personal data.
(2) Should one or more provisions of this Agreement be or become ineffective, the validity of the remaining agreement shall remain unaffected. The invalid provision(s) shall be replaced by a provision which ultimately is as close as possible to that which the parties had sought with the ineffective provision. The same applies in the case of contractual gaps.
Xxxxxxxxx Xxxx
VD (Managing Director)
IV. Technical and organizational measures
1. Confidentiality (Article 32 (1) (b) GDPR)
(1) Physical Access Control
The objective of physical access control is to prevent unauthorized persons from getting close to data processing equipment, thereby gaining physical access to the systems used to process or use personal data by implementing various structural, organizational and personnel measures, which shall be laid down in a physical access control policy.
Technical and organizational measures
The purpose of the following measures is to deny an unauthorized individual physical access to data processing equipment:
▪ Security passes
▪ Electronic access code cards / access transponders
▪ Rules for granting access authorisation
▪ Video surveillance
▪ Alarm system
▪ Keys policy
▪ Visitors must always be accompanied by employees
▪ Visitor check-in/check-out records
▪ Tiered security areas and controlled access
▪ Separately secured access to the data centre
▪ Servers are kept in locked rooms
▪ Data carriers are kept under lock and key or in locked rooms
▪ Data backups (e.g. tapes, CDs) are kept in an access-protected safe
(2) Equipment access control
The objective of equipment access control is to deny an unauthorized individual access to data processing equipment by implementing appropriate measures to ensure that only users who have the appropriate authorization can gain access to data and IT applications. If a user fails to demonstrate that he or she has the necessary authorization, the equipment access control will deny the user access to the IT system.
Technical and organizational measures
The purpose of the following measures is to deny an unauthorized individual access to data processing systems:
▪ Password protection of workstation screens
▪ Functional and/or temporary allocation of user authorisations
▪ Use of individual passwords
▪ Automatic blocking of user accounts after entering the wrong password multiple times
▪ Automatic password-protected screen lock after a period of inactivity (screensaver)
▪ Password policy and minimum password complexity requirements:
o at least 8 characters / upper and lower case, special characters, number (min. 3 criteria)
o Users deterred from using easy-to-guess passwords (e.g. Dog1, Dog2, Dog3)
o Password history (users are prohibited from repeating 5 last passwords)
▪ Procedure for granting authorizations to new employees
▪ Procedure for withdrawing authorizations from employees who move to a different department
▪ Procedure for withdrawing authorizations from employees who leave the company
▪ Confidentiality obligation
▪ Logging and evaluation of system use
▪ Controlled destruction of data carriers
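As an added illustration of the password and lockout rules listed above (this is example code, not Hogrefe's or the HTS's own implementation), the following Python models a form-based login store that enforces them: minimum length of 8, at least three of the four character classes, rejection of trivial variants of the current password such as Dog1 followed by Dog2, a history of the last five password hashes, and automatic blocking after repeated failures. The lockout threshold of five attempts, the PBKDF2 work factor and the exact variant rule (strip trailing digits, ignore case) are assumptions, since the annex states the policy only in outline.

```python
"""Password policy and lockout check modelled on the annex (assumed details marked)."""
import hashlib
import hmac
import os
import re

MIN_LENGTH = 8            # "at least 8 characters"
MIN_CLASSES = 3           # upper, lower, digit, special: at least 3 of the 4
HISTORY_SIZE = 5          # "users are prohibited from repeating 5 last passwords"
MAX_FAILED_ATTEMPTS = 5   # assumed threshold; the annex only says "multiple times"
PBKDF2_ROUNDS = 100_000   # assumed work factor for the stored hashes

CLASS_PATTERNS = {
    "upper": re.compile(r"[A-Z]"),
    "lower": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "special": re.compile(r"[^A-Za-z0-9]"),
}


def character_classes(password):
    """Set of character classes present in the password."""
    return {name for name, pattern in CLASS_PATTERNS.items() if pattern.search(password)}


def stem(password):
    """Normalise so trivial variants collide: 'Dog1', 'Dog2', 'dog3' all become 'dog'."""
    return re.sub(r"\d+$", "", password).lower()


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; only salt and digest are stored, never the password."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password, salt, digest):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


class Account:
    """One user account: hash history (most recent first), failure counter, lock flag."""

    def __init__(self, initial_password):
        self.history = [hash_password(initial_password)]
        self.failed_attempts = 0
        self.locked = False

    def current(self):
        return self.history[0]

    def login(self, password):
        """Form-based login; the account blocks after MAX_FAILED_ATTEMPTS wrong passwords."""
        if self.locked:
            return False
        if verify_password(password, *self.current()):
            self.failed_attempts = 0
            return True
        self.failed_attempts += 1
        if self.failed_attempts >= MAX_FAILED_ATTEMPTS:
            self.locked = True
        return False

    def policy_violations(self, current_password, new_password):
        """List the rules a proposed password breaks (empty list means acceptable)."""
        problems = []
        if len(new_password) < MIN_LENGTH:
            problems.append("too short")
        if len(character_classes(new_password)) < MIN_CLASSES:
            problems.append("fewer than 3 character classes")
        if stem(new_password) == stem(current_password):
            problems.append("trivial variant of current password")
        if any(verify_password(new_password, salt, digest) for salt, digest in self.history):
            problems.append("reused one of the last 5 passwords")
        return problems

    def change_password(self, current_password, new_password):
        """Verify the current password, apply the policy, then rotate the history."""
        if not verify_password(current_password, *self.current()):
            return ["current password incorrect"]
        problems = self.policy_violations(current_password, new_password)
        if problems:
            return problems
        self.history.insert(0, hash_password(new_password))
        del self.history[HISTORY_SIZE:]
        return []


if __name__ == "__main__":
    acct = Account("Summer-2023")  # constructed sample account
    print(acct.change_password("Summer-2023", "Summer-2024"))   # trivial variant
    print(acct.change_password("Summer-2023", "Correct!Horse1"))  # accepted: []
```

The variant check compares the new password against the current one only, which the user has just supplied; older passwords exist solely as salted hashes, so the history rule is enforced by hash comparison rather than by keeping any reversible form of earlier passwords.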
(3) Data access control
The objective of data access control is to ensure that those authorized to use a data processing system can only access data covered by their access authorization, and personal data is not read, copied, modified, or removed by an unauthorized user during processing, use or after it has been stored.
Technical and organizational measures
The purpose of the following measures is to ensure that users can only access the data covered by their access authorization:
▪ Formulation of access authorization policy
▪ Procedure for the recovery of data from backups (who, when, at whose request)
▪ Regular review of authorizations
▪ Restriction of free and uncontrolled query options for databases
▪ Regular analysis of logs (log files)
▪ Partial access to databases and functions (read, write, execute)
▪ Logging of file access
▪ Logging of file erasures
▪ The company uses adequate security systems (software/hardware), including:
o Virus scanner
o Firewalls
o SPAM filter
o Intrusion prevention (IPS)
o Intrusion detection (IDS)
▪ Encrypted storage of data
▪ Use of hash function – SHA2 (256, 384, 512 bit)
(4) Separability
The objective of the principle of separability is to ensure that data collected for different purposes can be processed separately. Among other things, the purpose is to have the ability to associate data with a specific department, individual, branch or customer, and to comply with the principle of purpose limitation, which is one of the basic principles of data protection. The objective can be achieved in many ways, for example, by implementing a suitable application authorization policy.
Technical and organizational measures
The purpose of the following measures is to ensure that data collected for different purposes is processed separately:
▪ Separation of customers (multi-controller capability of the system used)
▪ Logical data separation (e.g. based on customer or Controller numbers)
▪ The Controller's and other customers' data are processed by different employees of the Processor
▪ Access authorisation policy which takes into account the requirement of processing Controller's data separately from other customers' data
▪ Segregation of functions
▪ Separation of development, testing and production systems
▪ Dedicated system
(5) Pseudonymization
The Controller can configure the system settings to ensure that the processing of personal data takes place in a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information.
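The separation described in Section II.2 (an individual code from a separate test taker administration, with the result-to-person assignment kept outside the HTS) and in (5) above can be sketched in code. The following Python is an added example, not Hogrefe's code: a Controller-side register derives the test-taker code as an HMAC-SHA256 of its internal person id under a secret key and hands the test system only the code, age in years and gender. The class and function names, the 16-character code length, the field names and the sample person are all assumptions.

```python
"""Controller-side pseudonymisation of test takers (hypothetical names, constructed data)."""
import hashlib
import hmac
from datetime import date

DIRECT_IDENTIFIERS = {"person_id", "name", "dob", "email"}  # must never reach the test system


def age_in_years(dob, on):
    """Age in completed years on a given date; the only age value the tests need."""
    years = on.year - dob.year
    if (on.month, on.day) < (dob.month, dob.day):
        years -= 1
    return years


def direct_identifiers(record):
    """Directly identifying fields present in a record destined for the test system."""
    return DIRECT_IDENTIFIERS & set(record)


class TestTakerAdministration:
    """Hypothetical Controller-side register. It holds the secret key and the
    code-to-person mapping; neither leaves the Controller's organisation."""

    def __init__(self, secret_key):
        self._secret_key = secret_key
        self._people = {}  # test-taker code -> person record

    def register(self, person_id, name, dob, gender):
        # Keyed hash over the internal id: the same person always gets the same
        # code (so repeated tests can be linked), but without the key the code
        # cannot be turned back into the id, and the id itself is never sent.
        digest = hmac.new(self._secret_key, person_id.encode("utf-8"), hashlib.sha256)
        code = digest.hexdigest()[:16]  # assumed code length
        self._people[code] = {"person_id": person_id, "name": name, "dob": dob, "gender": gender}
        return code

    def hts_record(self, code, test_date):
        """The only data entered into the test system: code, age in years, gender."""
        person = self._people[code]
        return {"code": code, "age": age_in_years(person["dob"], test_date), "gender": person["gender"]}

    def resolve(self, code):
        """Re-identify a result; possible only with access to this register."""
        return self._people[code]["name"]


if __name__ == "__main__":
    admin = TestTakerAdministration(b"constructed-secret-key")  # constructed sample key
    code = admin.register("p-0001", "Anna Example", date(1990, 6, 15), "F")
    print(admin.hts_record(code, date(2024, 6, 14)))  # code, age 33, gender only
    print(admin.resolve(code))                         # Anna Example
```

Using a keyed hash rather than a plain SHA-256 of the id matters: an unkeyed hash of a small id space could be recomputed by anyone who sees the codes, whereas the HMAC key stays with the Controller, so the test system holds pseudonymous data in the sense of Article 4 (5) GDPR only as long as that key and the mapping table are kept apart from it.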
2. Integrity (Article 32 (1) (b) GDPR)
(1) Data transfer control
The objective of data transfer control is to ensure that personal data cannot be read, copied, modified or removed without authorisation during their transfer or transport or when storing the data on data carriers, and that it can be checked and determined who are the recipients of the personal data transfer.
Technical and organizational measures
The following measures have been implemented to achieve this objective:
▪ The use of https connections for data exchange
▪ Safe destruction of paper documents by using sealed metal containers (data protection bins) and documented disposal by service providers
(2) Input control
The objective of input control is to ensure that it is possible to check and establish whether and by whom personal data has been input into data processing systems, modified or removed.
Technical and organizational measures
The following measures have been implemented to achieve this objective:
▪ Identification of acquired data
▪ Definition of user authorizations (profiles)
▪ Differentiated user access authorizations:
o Read, change, delete
o Partial access to data or functions
o Field access to databases
▪ Organisational specification of input responsibilities
▪ Logging of entries/erasures
▪ Obligation to maintain data confidentiality
▪ Log policy that goes beyond the OS standard
3. Availability and resilience (Article 32 (1) (b) GDPR)
(1) Availability control
The objective of availability control is to ensure that personal data are protected against accidental destruction or loss.
Technical and organizational measures
The following measures have been implemented to achieve this objective:
▪ Data backup policy
▪ Implementation of the data backup strategy
▪ Access to server rooms restricted to necessary personnel
▪ Fire alarm systems in server rooms
▪ Smoke detectors in server rooms
▪ Waterless firefighting systems in server rooms
▪ Air-conditioned server rooms
▪ Lightning/surge protection
▪ Water sensors in server rooms
▪ Server rooms located in separate fire-containment sections
▪ Backup systems located in separate rooms and fire-containment sections
▪ Storage of archive storage media under necessary storage conditions (air conditioning, protection requirements, etc.)
▪ CO2 fire extinguisher in the immediate vicinity of the server rooms
▪ Storage of data in data cabinets, safes
▪ UPS system (uninterruptible power supply)
(2) Resilience and reliability control
The objective of resilience and reliability control is to ensure that systems can handle risk-related changes and have the ability to tolerate and withstand disruptions.
Technical and organizational measures
The following measures have been implemented to achieve this objective:
▪ Redundant power supply
▪ Redundant UPS system
▪ Redundant air conditioning
▪ Hard disk mirroring
▪ Data storage on RAID systems (RAID 1 and higher)
▪ Demarcation of critical components
▪ Performance of penetration tests
▪ System hardening (deactivation of unnecessary components)
▪ Immediate and regular activation of available software and firmware updates
o Identification of the different devices that make up the network and identification of their hardware version as well as their current software and firmware versions.
o Communication with manufacturers to learn about new updates and patches released for the company's devices.
o Setting aside periods for installing updates (e.g. less busy periods, maintenance, etc.).
o Use of redundant systems to maintain operations while the main devices are being updated.
o Progressive deployment of updates/patches to detect problems early without compromising multiple devices.
o Setting aside a testing period to verify the correct implementation of the update and ensure that operations continue to run smoothly following the update.
▪ Security is among the key aspects taken into account when designing systems:
o Limitation of authorizations on a need-to-know basis.
o External processors and maintenance personnel receive a specific access authorization that is only activated during the intervention and deactivated for the rest of the time.
▪ Regular awareness-raising campaigns to inform users about security policies, both for specific systems and legacy IT systems.
4. Process for regularly testing, assessing, evaluating (Article 32 (1) (d) GDPR; Article 25 (1) GDPR)
(1) Control processes
We have implemented the following processes for regularly testing, assessing and evaluating the effectiveness of data security measures:
▪ Reporting of new/changed data processing procedures to the DPO
▪ Recording of processes for reporting new/changed procedures
▪ Selection of data protection-friendly default settings
▪ Subjecting the implemented protection measures to regular internal controls
(2) Processing control
The objective of processing control is to ensure that personal data processed by service providers on behalf of the Controller (subprocessors) can only be processed in compliance with the Processor's instructions.
Technical and organizational measures
The following measures have been implemented to achieve this objective:
▪ Contracts drafted in accordance with legal requirements (Article 28 GDPR)
▪ Central recording of existing service providers (standard contract management)
▪ Regular checks by the Processor after the contract start date (during the term of the contract)
▪ Inspections at the premises of the Processor
▪ Verification of the Processor's data security concept
▪ Review of the Processor’s existing IT security certificates
V. Overview of processing activities of the Processor in accordance with Article 30 (2) GDPR
Name and contact details of the Processor | Group of companies: yes / no. Name: Hogrefe Verlag GmbH & Co. KG. Street: Xxxxxxxxxxxx 0. Xxxxxxxx 00000. Location: Göttingen. Telephone: 00 (0)000 000 00-000
Contact details for the Data Protection Officer | Salutation: Mr Xxxxxxx, name Xxxx, Xxxxx Xxxxxx. Xxxxxxxxxxxx 0, Xxxxxxxx 00000. Location: Göttingen. Telephone: 00 (0)00 000 000 0
Categories of processing carried out on behalf of the Controller (Article 30 (2) (b) GDPR) | Hosting of the HTS online portal and guarantee of operability; provision of the server infrastructure for completion of online tests; keeping the test results in PDF format available on the online portal for the duration of the contractual relationship or until the Controller erases the relevant files
Where applicable, transfers of personal data to a third country or an international organisation (Article 30 (2) (c) GDPR) | We do not transfer and do not plan to transfer data to third countries or international organisations
Subprocessors | We do not use subprocessors