Data Protection and Privacy at DOCUBYTE
Trust is based on excellent performance.
Compliance with data protection rules by German and European standards is a natural part of our activities and provides the basis for a good and trustful cooperation. For this reason our data protection measures are certified since 2010. As a service provider for files digitization and data acquisition we meet all organizational and technical measures in accordance with § 9 BDSG. We are advised by an external data protection officer and regularly reviewed. In addition, all data processing facilities and storage areas are perfectly protected against burglary and theft by a modern alarm system. Our IT infrastructure is – also with regard to data protection – on the cutting edge of technology. We protect your data, inter alia, by server and network virtualization, powerful firewalls and permanent virus scanning.
(Available only in German)
If you have questions about privacy, please contact via the contact form, by phone or via e-mail the manager or our data protection officer, Mr. Rolf Schlagintweit (Verimax GmbH).
The 8 Commandments of Data Protection
|Access Control||Ensuring that unauthorized persons are denied entry to the company and to data processing equipment||Access is possible during the day on an open main entrance to the corridor areas, of which the 2nd floor, the company DOCUBYTE can only be accessed via the always closed the main entrance door. The access control is ensured through a code lock with numeric keypad. The central data processing systems (servers, data storage systems, firewall, UPS, central alarm system, etc.) are located in a locked server room, which can only be entered with the corresponding keys. Only the dedicated group of persons has an access authorization to the server room. For the times when the offices are unoccupied, an alarm is active. The system is automatically checked daily for full function. With intrusion, the police will be alerted.|
|Admission Control||Ensuring that unauthorized access to and use of data processing systems is denied||The access control systems of DOCUBYTE are structured according to the following principle: central user assignment with user ID and password. For the award of logon passwords on the internal network, different methods exist, as well as for the regular change of passwords. In addition, there are other measures that regulate access to the corporate network (external access exclusively via secure VPN connections in conjunction with the certificate files; Internet access is completely blocked for the production rooms; FTP, TCP, HTTP, SMTP, etc. are only for defined computer shared on the network; unneeded ports are disabled both outward and inward). The access control measures are subject to continuous review in respect of the current risk situation.|
|Access Inspection||Ensuring adequate access control system; that is, that each has only the rights that he needs for his work||The work on the network requires access to different, the remit assigned systems. The quality of individual passwords is determined by high demands such as instructions regarding complexity, minimum length, validity, uniqueness within the change intervals and automatic lockout after failed login attempts or absence of use. In addition, each user can perform only the tasks and transactions that are assigned in accordance with a coordinated authorization approach its task.|
|Transfer Control||Warranty may be that personal data in the electronic transmission or during transportation or storage on disk can not be read, copied, modified or removed||The electronic transmission of confidential and personal data to and from the client takes place bears solely via encrypted data lines. come to use u. a. The method as S-FTP and HTTPS. Paper documents are transported either by the company's own transport services or through approved Service Providers. Depending on the contract situation, paper documents can be destroyed 32575 detectable by certified service providers in accordance with the agreed security level DIN.|
|Input Control||Ensure subsequent verifiability as regards the entry, modification or removal of personal data; Ensuring a user-specific assignment of activities||Only authorized access to data via unique user identities. Logging of accesses and changes to personal data. It is detectable at each processing step, who has performed what operation. This can be verified subsequently, have been from which employees what information and when the customer prepared, scanned, recorded, delivered, changed or deleted.|
|Order Control||Ensuring that personal data which are processed in the order, be processed only in the instructions of the customer||With the service of order data processing be made clear agreements on role definitions, scope of tasks, -content and especially command and control powers under.|
|Availability Control||Ensuring that personal data are protected against destruction and loss||All personal data are especially protected in terms of availability and recoverability. To this end, redundant backup systems and additionally also systems are used with outsourced data management.|
|Data Separation||Ensuring that data that have been collected for different purposes can be processed separately||The collection and processing of personal data is always required earmarked and provided for the completion in separate systems. In particular, is ensured through organizational measures and cleanest logical data separation that data from different customers are collected and processed separately.|