At ORWO Net GmbH, all technical and organizational measures for the establishment and guarantee of data protection and data security
are in accordance with the regulations of the Federal Data Protection Act (BDSG) and the guidelines of the Federal Office for Information Security (BSI).
The operating parts are completely secured by fencing, personal recording of the inputs and outputs (turnstile/isolating system or access for the disabled) and special gates. Access points with increased security requirements are monitored by door monitoring and access control systems with a documented time concept and the connection to an alarm center. Sensitive areas are monitored with cameras. The central IT technology is additionally secured in various safety zones and fire sections. Different access rules are a guarantee for the implementation of the requirements of security management.
Data carriers containing personal data cannot be read, copied, modified or removed without authorisation. IT security management guarantees the strict implementation of all measures and regulations regarding the right to use the IT systems, storage, output and destruction of data and data carriers. Within the scope of the implementation of access control, only authorised persons can access the data subject to their access authorisation exclusively. Security measures are used for the internal identification and verification of the front-end systems, allocation of the user groups, individual access rights, measures in the case of a repeated fault test. Type and times of intrusion attempts in the firewall are being documented.
Unauthorised use of computer and server systems is prohibited. IT security management prevents the computer and server systems as well as the operated data and communication networks from being used without authorisation. The internal networks are secured by certified firewalls, current antivirus software and other technical and organisational measures. Regular Internal safety audits as well as audits by external safety consultants are carried out regularly. The use of internal IT systems is constantly and fully documented.
Data can not be read, copied, changed or deleted in the transmission of personal data, as well as during transport of data carriers. The dispatch of products and physical data is carried out by means of internal transport services and/or external service providers certified by ORWO Net GmbH. An exact definition of authorised employees for sending, transporting and receiving data media is compiled. State of the art encryption according to the current long distance data transfer capability for accessing the internal systems is ensured.
ORWO Net GmbH ensures that personal data of the customer can only be processed according to the customer`s instructions. Contract processing requires a written contract with the customer. An identity check of the customer takes place. The contract must comply with internal data security regulations. For each order processed, a written detailed order is necessary.
We ensure that unauthorised entry as well as the unauthorised acquaintance, modification or deletion of stored data is prevented. There are appropriate measures and regulations for authorisation and monitoring. The IT operation ensures that the persons authorised to use the data processing system are only able to access the data subject to their access authorisation. Proof of access by transaction logs via changes and deletions with respect to data, times of processing and users are carried out, which ensures the ability to check and determine which personal data, at which time, has been entered by whom into the data processing systems.
The organisational regulation for data carrier storage, taking into account the storage periods and the clear identification of data carriers and the regular use of backup systems ensures that personal and/or order data can not be read, copied, deleted or stolen without authorisation during use and archiving. IT Operations has a structures and processes with corresponding work plans.
Principle of proportionality
The principle of proportionality is applied in all agreed measures. Employees and temporary employees of ORWO Net GmbH are informed and obligated at regular intervals in accordance with Art. § 5 of the Federal Data Protection Act (BDSG). Management and the Data Protection Officer of ORWO Net GmbH ensure compliance with all rules.
The order control ensures that the files of different contractors are processed logically and separately. The individual details with which anonymity can be deregulated in case of prosecution are stored separately from the other data. The goal of the separation requirement is to ensure restricted access and order control.