TOM – Appendix 1 DPA
Approved technical and organisational measures of the Processor
General information on the security measures of the application Contract Alert as of version 33 (security by design).
General approach to data privacy:
All personal data is encrypted and saved in the database of your application.
Encryption of personal information
Personal information about contractor contacts and user accounts (first name, family name, email, username and password) is encrypted with a password and saved in your database. Encryption reduces the risk of personal data being exposed in readable form in case of a data leak.
The password used for this encryption is stored in a system file. That system file is itself encrypted with a second password, which is not available in the production environment.
Portability of saved user data
All information stored about a user can be downloaded by that user via an option in the user profile (date and time of logins, changes made to contracts, contract approval requests, contract and event ownership).
Single tenant environment
Every customer has its own application files and an associated database, separated from other customers' installations, which limits the amount of data exposed in case of a breach.
AES Encryption
The administrator of a Contract Alert installation (the customer) can activate document encryption and set a password in their user profile. Once AES encryption is activated, all documents uploaded to the system are encrypted with that password before being stored on the servers.
The Advanced Encryption Standard (AES) is a symmetric-key block cipher, standardised for the encryption and decryption of sensitive and classified data.
Documents can only be opened after a valid login to your system; encryption and decryption of your documents run transparently in the background.
Account blocking
After three login attempts with a wrong password, the user account is blocked and the user is redirected away from the login page. Blocking consists of changing the account's password; the user can obtain a new password via the "forgot my password" option on the login page.
Legal data retention period
The administrator of your application can permanently delete information from the application based on the legal retention period applicable in your country.
All information such as contracts, associated documents, contract history and related contractor and contact information will be permanently deleted for contracts whose end date lies before the end of the retention period.
Right to be forgotten
User accounts
User accounts can also be deleted permanently if desired (not recommended). Where the contract history records a change to a contract, approval, request or contract event made by the deleted user, the user name and first name are replaced by "Deleted GDPR".
Contact information of contractors
As contractor contact information serves a purely informational function within Contract Alert, it can be permanently deleted from the database by any user who has been granted sufficient rights.
SSL Security
Data entered by users is protected by an SSL certificate, as in online banking: all data transferred between the client (browser) and our server is encrypted.
Encoded program files
All program files are encoded / compiled, which protects the scripts against unauthorised changes.
Backups and data replication
A backup of the full system is made daily and saved on an external, offsite server. Daily backups are deleted after 4 days.
A monthly backup is saved on an external server and deleted after 6 months.
Database dumps are taken hourly and saved to an external server.
File replication: all files on the production server are replicated to an external server. This covers newly uploaded documents as well as the removal of an application.
Physical access control to the data center
Appropriate measures for preventing unauthorised persons from gaining access to data processing facilities.
- Chip card / transponder locking system
- Light barriers / Motion detectors
- Record of visitors
- Personal presence (doorman / reception)
- Alarm system
Logical access control production environment
Measures intended to prevent data processing systems being used by unauthorised persons.
- Creation of user profiles
- Allocation of user rights
- Authentication with username / password
- Access log scanning
- Use of antivirus software
- Use of a hardware firewall
Data access control production server
Measures that ensure that parties authorised to use a data processing system can modify solely the data pertaining to their access level, and that data cannot be read, copied, modified or removed without authorisation during processing and use and once it has been saved.
- Rights administered by an administrator
- Number of administrators reduced to “bare minimum”
- Recording access to applications
- Single tenant environment
- Creation of user profiles and allocation of rights combined with username / password
Data transfer control production server
Measures to ensure that data cannot be read, copied, modified or removed without authorisation during electronic transfer or when being transported or saved onto data storage media, and to ensure that the locations at which data is to be transferred via data transfer facilities can be checked and identified.
- Data transferred in anonymised or pseudonymised form (SSL)
- Creation of dedicated lines or VPN tunnels
Data entry control
Measures to ensure that it can be subsequently verified and determined whether and by whom personal data has been entered, modified or removed in the data processing system.
- Allocation of rights to enter, modify and delete data based on the authorisation concept.
Control of Processing Instructions
Measures to ensure that data that is to be processed under the Contract can be processed only in accordance with the data owner’s instructions.
- Written instructions to the processor are mandatory
- Guarantee that data will be destroyed after the end of the contract
Availability control
Measures to ensure that data is protected against potential loss or destruction.
- Uninterruptible power supply (UPS)
- Devices for monitoring temperature and humidity in server rooms
- Fire and smoke detectors
- Testing of data restoration
- Data backups stored in a secured offsite location
- Instant file replication and hourly database dumps
- Air conditioning in server rooms
- Fire extinguishers
- Server rooms not located under sanitation facilities
Separation control
Measures to ensure that data collected for different purposes can be processed separately.
- Definition of database rights
- Physically separate storage on distinct systems