Process

Technical and organizational measures for data security

Information on processing activity

(Art. 30 para. 1 lit. b GDPR)

As defined by the GDPR, by using our service you commission Beemgee GmbH to process your data and are thus “the controller” in the following text. This data includes your project input as well as personal data such as your e-mail address, which is necessary to perform our service to its full extent. Therefore, in the following text we are “the processor”.

If you register for Premium, payment data will not be collected by us, but by our payment service providers (PayPal and Braintree). These data are not sent to our servers and are not completely visible to us.

We treat all data – both personal and all inputted content – with absolute confidentiality. No third parties or companies associated with Beemgee will have access to user data (with the exception of promotions that we carry out with partners, for example competitions and challenges – here too, only the partner receives data in accordance with the respective conditions of participation).

There is no so-called “profiling” (automated decision making).

Our terms and conditions apply.

The processor is obliged to design the company and its business processes in such a way that the data which it processes on behalf of the controller are protected to the required extent and secured against unauthorised access by third parties. The processor shall notify the controller in advance of any changes in the organisation of data processing on behalf of the controller which are relevant to the security of the data.

Access and access control

The server technology of Beemgee GmbH, which processes personal data, is located in well-known large European data centers. The Beemgee server is located in a state-of-the-art data centre in Strasbourg (France) and has excellent connections to the European data network. Its redundant components guarantee maximum data protection and availability.

The systems of Beemgee GmbH are protected by specific user IDs and password regulations. Technical access to the server environments is via password-protected encrypted SSH access, which is only available to selected employees. The controller’s data can only be viewed and processed by selected suppliers and employees of Beemgee GmbH (in the case of promotions with partners such as competitions and challenges, possibly also by the partner in accordance with the terms of participation).

Every employee of Beemgee GmbH has access only to the data relevant to their area of responsibility. Each employee can only access the systems required for his or her work and the data required with the authorization assigned to him or her. The authorization requirement is checked regularly.

Transfer and input control

As far as operational concerns require the transport of data, these are exclusively transmitted encrypted by SSL or SSH and stored encrypted. The employees of Beemgee GmbH are required to maintain strict confidentiality.

Content and personal data are generated or modified by the controller. The software used has been intensively tested and maintained at all times in accordance with the current state of the technology. A unique project number is assigned for each project. Personal data can also be stored and changed manually. These entries can only be made after the controller has explicitly requested a Beemgee employee to do so. The logins are logged automatically. For each personal data record, the owner or the creation date is visible to the processor.

Encryption

For this purpose, Beemgee uses encryption methods for electronic transport that correspond to the state of the art and achieve a level of protection that is appropriate to the respective data.

These are for electronic transport:

All data is encrypted via SSL (256 bytes) and transmitted between the data center and the controller and is thereby secured. This certified encryption ensures that data remains private when transferred to or from the Beemgee website.

Personal data of users via the internet are secured with state-of-the-technology encryption methods.

Commission control

The employees of Beemgee GmbH are instructed in data protection law at regular intervals. They are familiar with the procedural instructions and user guidelines for data processing on behalf of the controller. The Terms and Conditions contain detailed information on the type and scope of the commissioned processing and use of the controller’s personal data.

The commission is clearly defined by the description of the application.

Availability

Beemgee GmbH operates a backup and recovery concept that is regularly checked. All server-side data processing systems are georedundant. All systems of Beemgee GmbH are subject to regular inspection and maintenance by our own qualified personnel or by contractually bound service technicians.

Separation

Development, test and production data processing are separated. The processing of the systems operated for the controller is separated. Data processed as required by the controller are marked in a suitable manner. This prevents any unlawful combination of the data.

Deletion of data

The data will be deleted after the legal or contractual retention periods have expired. If data are not affected by this, they will be deleted when the purposes associated with the processing of the data have ceased to apply, within a period of 2 years or directly at the written request of the client. After expiry of the deadline or termination of the order, the data will be deleted in accordance with data protection regulations, provided that this data does not have to be kept further due to legal regulations or this appears necessary to prove any claims for defects that may have been raised.

Loading capacity of the systems

Beemgee takes measures for order data processing in its server infrastructure to ensure system stability that meets the requirements of the number of customers and projects for reliable and timely data processing. Beemgee designs the storage, access and performance capacities of systems and services in such a way that they can also be used on peak days without noticeable delays in access or transmission times.

Adequate measures

The technical and organisational measures are subject to technical progress and further development. In this respect, the processor is permitted to implement alternative adequate measures. The safety level of the defined measures must not be diminished.

 

16.05.2018

 

Third countries and subcontractors

of Beemgee GmbH

Like almost all web service providers, we use the services of other companies so that you can take advantage of all our offers. This includes hosting, web space, mailing services and more. Some of these companies have their headquarters and also their servers outside of Europe. Here is the list of services we use.

 

Company: Host Europe
Company address: Host Europe GmbH
Hanseatic str. 111
51149 Cologne
Germany
Website: https://www.hosteurope.de
Application: Data center services for the processing and storage of client data.

 

Company: Domain Factory
Company address: domainfactory GmbH
Oskar Messter St. 33
85737 Ismaning
Germany
Website: https://www.df.eu
Application: Domain & E-Mail Hosting

 

Company: MailChimp
Company address: The Rocket Science Group, LLC
675 Ponce de Leon Ave NE
Suite 5000
Atlanta, GA 30308 USA
Website: https://mailchimp.com
Application: Mailingservice – Communication by e-mail newsletter and mailings

 

Company: PayPal and Braintree Payments
Company address: PayPal (Europe) S.à r.l. et Cie, S.C.A.
22-24 Boulevard Royal
L-2449 Luxembourg
Website: https://www.paypal.com and https://www.braintreepayments.com
Application: Payment provider

 

Company: Dropbox
Company address: One Park Place,
Floor 5,
Upper Hatch Street,
Dublin 2,
Ireland
Website: https://www.dropbox.com
Application: File management

 

Company: YouTube LLC
Company address: 901 Cherry Ave.
San Bruno, CA 94066
USA
Website: https://www.youtube.com
Application: Video Hosting & Streaming

 

Company: plus B, Baghdadli-Becker GbR
Company address: 114 Potsdamer Str,
10785 Berlin
Germany
Website: https://www.plusb.de
Application: WebApp development

 

Company: Dirk Pfeffermann, accounting and payroll service
Company address: 30 Sophie Charlotten Street,
14059 Berlin
Germany
Website: http://www.fibu-dp.de
Application area: Accounting

 

Company: Karsten Meyer
Company address: Wound road 60,
14057 Berlin
Germany
Website: http://www.meinesteuerberaterin-berlin.de/
Application: Tax consultancy

 

16.05.2018

See also: Privacy

Follow Us!

Subscribe to our blog