Technical and organizational measures for data security
Information on processing activity
(Art. 30 para. 1 lit. b GDPR)
As defined by the GDPR, by using our service you commission Beemgee GmbH to process your data and are thus “the controller” in the following text. This data includes your project input as well as personal data such as your e-mail address, which is necessary to perform our service to its full extent. Therefore, in the following text we are “the processor”.
If you register for Premium, payment data will not be collected by us, but by our payment service providers (PayPal and Braintree). These data are not sent to our servers and are not completely visible to us.
We treat all data – both personal and all inputted content – with absolute confidentiality. No third parties or companies associated with Beemgee will have access to user data (with the exception of promotions that we carry out with partners, for example competitions and challenges – here too, only the partner receives data in accordance with the respective conditions of participation).
There is no so-called “profiling” (automated decision making).
Our terms and conditions apply.
The processor is obliged to design the company and its business processes in such a way that the data which it processes on behalf of the controller are protected to the required extent and secured against unauthorised access by third parties. The processor shall notify the controller in advance of any changes in the organisation of data processing on behalf of the controller which are relevant to the security of the data.
Access and access control
The server technology of Beemgee GmbH, which processes personal data, is located in well-known large European data centers. The Beemgee server is located in a state-of-the-art data centre in Nuremberg (Germany) and has excellent connections to the European and world data network. Its redundant components guarantee maximum data protection and availability.
The systems of Beemgee GmbH are protected by specific user IDs and password regulations. Technical access to the server environments is via password-protected encrypted SSH access, which is only available to selected employees. The controller’s data can only be viewed and processed by selected suppliers and employees of Beemgee GmbH (in the case of promotions with partners such as competitions and challenges, possibly also by the partner in accordance with the terms of participation).
Every Beemgee employee has access only to the data relevant to their area of responsibility. Each employee can only access the systems required for his or her work and the data required with the authorization assigned to him or her. The authorization requirement is checked regularly.
Transfer and input control
As far as operational concerns require the transport of data, these are exclusively transmitted encrypted by SSL or SSH and stored encrypted. The employees of Beemgee GmbH are required to maintain strict confidentiality.
Content and personal data are generated or modified by the controller. The software used has been intensively tested and maintained at all times in accordance with the current state of the technology. A unique project number is assigned for each project. Personal data can also be stored and changed manually. These entries can only be made after the controller has explicitly requested a Beemgee employee to do so. The logins are logged automatically. For each personal data record, the owner or the creation date is visible to the processor.
For this purpose, Beemgee uses encryption methods for electronic transport that correspond to the state of the art and achieve a level of protection that is appropriate to the respective data.
These are for electronic transport:
All data is encrypted via SSL (256 bytes) and transmitted between the data center and the controller and is thereby secured. This certified encryption ensures that data remains private when transferred to or from the Beemgee website.
Personal data of users via the internet are secured with state-of-the-technology encryption methods.
The employees of Beemgee GmbH are instructed in data protection law at regular intervals. They are familiar with the procedural instructions and user guidelines for data processing on behalf of the controller. The Terms and Conditions contain detailed information on the type and scope of the commissioned processing and use of the controller’s personal data.
The commission is clearly defined by the description of the application.
Beemgee GmbH operates a backup and recovery concept that is regularly checked. All server-side data processing systems are georedundant. All systems of Beemgee GmbH are subject to regular inspection and maintenance by our own qualified personnel or by contractually bound service technicians.
Development, test and production data processing are separated. The processing of the systems operated for the controller is separated. Data processed as required by the controller are marked in a suitable manner. This prevents any unlawful combination of the data.
Deletion of data
The data will be deleted after the legal or contractual retention periods have expired. If data are not affected by this, they will be deleted when the purposes associated with the processing of the data have ceased to apply, within a period of 2 years or directly at the written request of the client. After expiry of the deadline or termination of the order, the data will be deleted in accordance with data protection regulations, provided that this data does not have to be kept further due to legal regulations or this appears necessary to prove any claims for defects that may have been raised.
Loading capacity of the systems
Beemgee takes measures for order data processing in its server infrastructure to ensure system stability that meets the requirements of the number of customers and projects for reliable and timely data processing. Beemgee designs the storage, access and performance capacities of systems and services in such a way that they can also be used on peak days without noticeable delays in access or transmission times.
Technical and organisational processes and measures are subject to technical progress and further development. In this respect, the processor is permitted to implement alternative adequate measures. The safety level of the processes and measures may not be diminished.
Third countries and subcontractors
of Beemgee GmbH
Like almost all web service providers, we use the services of other companies so that you can take advantage of all our offers. This includes hosting, web space, mailing services and more. Some of these companies have their headquarters and also their servers outside of Europe. Here is the list of services we use.
Company address: IOS Solutions Services GmbH
Application: Data center services for the processing and storage of client data.
Company: Domain Factory
Company address: domainfactory GmbH
Oskar Messter St. 33
Application: Domain & E-Mail Hosting
Company address: The Rocket Science Group, LLC
675 Ponce de Leon Ave NE
Atlanta, GA 30308 USA
Application: Mailingservice – Communication by e-mail newsletter and mailings
Company address: SocketLabs Corporate Headquarters
700 Turner Industrial Way
Aston, PA 19014 USA
Application: Mailingservice – Notifications by e-mail and mailings
Company: PayPal and Braintree Payments
Company address: PayPal (Europe) S.à r.l. et Cie, S.C.A.
22-24 Boulevard Royal
Website: https://www.paypal.com and https://www.braintreepayments.com
Application: Payment provider
Company address: One Park Place,
Upper Hatch Street,
Application: File management
Company: YouTube LLC
Company address: 901 Cherry Ave.
San Bruno, CA 94066
Application: Video Hosting & Streaming
Company: plus B, Baghdadli-Becker GbR
Company address: 114 Potsdamer Str,
Application: WebApp development
Company: Dirk Pfeffermann, accounting and payroll service
Company address: 30 Sophie Charlotten Street,
Application area: Accounting
Company: Karsten Meyer
Company address: Wound road 60,
Application: Tax consultancy
Revised 8 April 2019 to include SocketLabs.
See also: Privacy