Technical and Organizational Measures to Ensure Data Privacy
1. Organisation
Weiss AG has currently appointed the following data protection officer:
Jens Wacker
Merkurstraße 45
67663 Kaiserslautern
Phone: +49 631 4140490
Mobile: +49 151-56344016
E-Mail: info@weiss-ag.de
1. Measures to ensure Confidentiality
a) Access Control (premises)
Unauthorized access to buildings or rooms containing data processing systems with which personal data is processed or used must be denied.
– Visitors only have access to the entrance area after an employee has opened the door
– Keys and key allocation are handed over by an employee according to a defined process
– The doors are protected against unauthorized persons by appropriate security technology
– Unaccompanied visitors are not allowed to move / stay in the office
– Regular inspection of the site by a security service outside of business hours
b) Access (entrance) and user control (Systems)
Measures to prevent data processing systems from being used by unauthorized persons.
– Computer workstations are secured by individual passwords and automatic locking after a period of inactivity.
– Ban on sharing passwords
– Use of VPN technology
– The accesses are password protected
– Access is only available to authorized employees
– Remote access is only possible via encrypted connections
– All servers and client systems are protected by a regularly maintained firewall
– The passwords used must have a minimum length and are renewed at regular intervals
c) Access control (data)
Measures to ensure that those entitled to use a data processing system can only access data that is subject to their access rights and that personal data cannot be read, copied, modified or removed without authorisation during processing, use and after storage.
– User rights are assigned in a differentiated manner and user profiles are created.
– The system administrator manages the user rights.
– The number of administrators is reduced to the minimum necessary.
– Obligation of all employees to maintain confidentiality.
– Storage of personal data in lockable cupboards.
– All employees must throw out printed information with personal data and / or
– Employees are prohibited from installing unauthorized software on the end devices
d) Transfer control
Measures to ensure that personal data cannot be illegally read, copied, modified or removed during electronic transmission or during their transport or storage on data carriers and that it is possible to verify and establish to which locations personal data are transferred by data transmission means.
– Firewall technologies are implemented according to the state of the art
– Leased lines or VPN tunnels are set up
e) Job Control
Measures to ensure that personal data processed on behalf of the customer can only be processed in accordance with the instructions of the customer.
– Existing agreements on order processing
– Our employees are instructed in data protection law at regular intervals and are familiar with the procedural instructions and user guidelines for data processing on behalf of the client, also with regard to the client’s right to issue instructions.
– Weiss AG has an internal data protection officer.