100% data protection guaranteed

 

econda takes data protection seriously.

 

econda solutions - TÜV certified

econda solutions have met the stringent TÜV requirements as part of the “Certified Data Protection” certification procedure for several years.

Both econda (web) Analytics solutions and econda Recommendation Services have been awarded the “Certified Data Protection” mark from TÜV Saarland until the next recertification procedure in April 2018.

The basics of this certification are:

  • the “Certified Data Protection” set of requirements V4.5
  • the legislative requirements concerning data protection
  • the basics of IT security at the current state of the art, based on the IT baseline protection manual of the BSI (German Federal Office for Information Security), as well as on the international standards for Information Security Management Systems ISO/IEC 27000
  • the TR02149 test report

 

DATA PROTECTION
ABOVE AND BEYOND REQUIREMENTS OF DÜSSELDORF COMMITTEE

On November 26, 2009 the “Düsseldorf Committee” — an informal association of supervisory authorities for data protection in the private sphere — adopted a resolution which received a great deal of attention: “Creation in compliance with data protection laws of analytical methods for measuring the reach of online offers”. econda customers are happy with the stipulated requirements, as they have already been met for quite some time by econda solutions.

Specific requirements of the “Düsseldorf Committee” and the relevant measures taken by econda:

Requirements of the Düsseldorf Committee

“Relevant parties must have an opportunity to opt out of the creation of usage profiles. Such opt-outs must be implemented effectively.”

Implementation by econda

“Pseudonymized usage data must not be stored together with data about the pseudonymous user. Usage data must be deleted if the storage of this data is no longer necessary for creating the usage analysis or if the user requests this be done.”

 

“As part of data protection policies on their websites, providers must explicitly refer to the creation of pseudonymous usage profiles and the possibility of opting out.”

“A user’s personal data may only be collected and used without his/her consent to the extent necessary for providing access to and billing for telemedia services. Any use of data beyond the aforementioned requires the consent of the users in question.”

 

“The analysis of usage patterns by means of complete IP addresses (including geolocation) is only permissible if that individual has knowingly and explicitly consented to it, because the data is traceable to that person. If this consent is not forthcoming, the IP address must be abbreviated before any analysis so as to avoid any possibility of identification of the person involved.”

 

econda complies with the recommendation issued by the Article 29 Working Party on the Protection of Individuals of June 12, 2012. This is an independent European Commission advisory body which goes by the official name of the “Working Party on the Protection of Individuals with Regard to the Processing of Personal Data”. Set up under Article 29 of the Data Protection Directive 95/46/EC of October 24, 1995, this body issues recommendations on the proper interpretation of data protection regulations — such as the “cookie rule” — and their implementation at national level. You will find more information in Wikipedia.

Germany’s Federal Data Protection Act stipulates that personal data comprises any information concerning the personal or material circumstances of an identified or identifiable individual. Such data includes not only names, addresses, telephone numbers, and email addresses, but also any IP address which makes it possible to identify a certain individual.

Because econda abbreviates IP addresses to anonymize data during collection, econda is unable to assign the data to a specific user when it is used for its intended purpose. Anonymized data remains on econda servers and can be accessed there only by authorized customers. This aggregated data allows econda customers to analyze visitor flows and click paths, for instance, without the possibility of a specific user being identified.

We use personal data that is generated in the course of cultivating or maintaining a business relationship only as part of this relationship; under no circumstances will we use it otherwise or sell it.

The data collected stays at our data center in Frankfurt. As certified in an independent report issued by TÜV Saarland (a German inspection authority), econda’s server centers meet the most stringent requirements in terms of security and data protection. econda attaches the greatest importance to being able to ensure the uninterrupted security of all data. Therefore, there are no plans to relocate the technological hosting infrastructure outside of Germany in the near future.

All econda employees are informed about their obligations regarding data protection, data minimization, and confidentiality. Moreover, they regularly receive in-house and external training. econda’s data protection officer determines the relevance of the latest technological and legal developments and recommends appropriate measures at once, if necessary, to ensure that econda customers continue to be on solid legal ground in the future. Regular data protection audits verify econda’s infrastructural and organizational conformity with applicable laws and the state of the art in data protection technology.