Commissioned Data Processing

Contractual Relations between Principal and Agent

On behalf of its customer (principal), RISER ID Services GmbH (agent) obtains registry information from official registry offices in Germany, Austria and Switzerland. We are obliged to process personal data under the German Federal Data Protection Act. We have appointed a data protection officer, who attends to his duties in accordance with sections 4f and 4g BDSG. Please note the following principles:

General information

The object and the duration of the data processing order, as well as the scope, type and purpose of the intended collection, processing or use of data, the type of data and the data subjects are defined in the user agreement concluded between the customer and RISER ID Services GmbH. 

Technical and Organisational Measures

RISER ID Services GmbH undertakes to implement all technical and organisational measures necessary to protect the personal data as required by sec. 9 BDSG and the annex. 

Organisational Control

The staff of RISER ID Services GmbH has committed itself to maintaining confidentiality and to observing the non-disclosure regulations. Moreover, RISER ID Services GmbH has obligated all subcontractors by contract to apply a similar procedure for their own employees.

Entry Control

Unauthorised persons are barred from entering the data processing facilities of RISER ID Services GmbH in which personal data are processed or used. To this end, RISER ID Services GmbH has relocated its data processing facilities for personal data to a computer centre that meets state-of-the-art security standards and is equipped with an entry control system (e.g. ID control, doorman, electronic entry controls).

Physical Access Control

RISER ID Services GmbH has suitable measures in place to prevent unauthorised persons from using the data processing systems. Access to the data processing systems of RISER ID Services GmbH is monitored (e.g. role concept, electronic physical access control, key management).

Access Control

Using a role concept, RISER ID Services GmbH guarantees that authorised users of a data processing system can only access data for which they have the appropriate access authorisation, and that personal data cannot be read, copied, modified or deleted by unauthorised persons during processing, use and after saving. All staff of RISER ID Services GmbH must undergo a sign-in procedure before they can use the data processing systems. As part of this procedure, the user is identified and authenticated (entry of username and password).

Transmission Control

RISER ID Services GmbH guarantees that, within its sphere of influence, personal data cannot be read, copied, modified or deleted by unauthorised persons during electronic transmission, during transportation or when saving to a data storage device, and that it is possible to check and determine to which entities personal data are intended to be transmitted via the data transmission facilities provided. Therefore, personal data are always transmitted in encrypted form where possible. In cases in which encryption is not possible, a secure alternative method is used. Personal data are not transferred to third parties who are not involved in the data processing procedure. A commitment to adhere to the legal requirements for data processing orders has been obtained from all private-sector subcontractors of RISER ID Services GmbH. Public-sector subcontractors of RISER ID Services GmbH (e.g. municipal computer centres) are equally bound by the legal requirements for data processing orders.

Input Control

RISER ID Services GmbH guarantees that, within its sphere of influence, it is usually possible to investigate and ascertain whether personal data have been entered into, modified in or deleted from data processing systems, as well as the identity of the person who carried out the data entry, modification or deletion. A suitable logging system has been deployed, which records any entry, modification or deletion of personal data (e.g. log files).

Order Control

RISER ID Services GmbH guarantees that personal data can only be processed as part of a data processing order in accordance with the customer’s instructions. RISER ID Services GmbH will provide evidence that the information received in response to customer inquiries originates from public authorities, if so requested by the customer. RISER ID Services GmbH is not obliged to inform the customer of procedural changes in individual processing steps (e.g. change from written to automated responses).

Availability Control

RISER ID Services GmbH guarantees that personal data are protected against accidental destruction or loss. A backup strategy is implemented based on a separate, previously formulated data security concept that defines which data need to be backed up.

Principle of Separation

RISER ID Services GmbH guarantees that data collected for different purposes can only be viewed by the customer who submitted the relevant inquiry. It is ensured that customers cannot view, copy or save the personal data of other customers.

Secure Data Transfer

All data transfers occurring within the framework of the customer, supplier or registry office portals are carried out using SSL (Secure Sockets Layer) encryption.

Stefan Göthe
Partner Management and Data Security

+49.30.236 0769-38

stefan.goethe@xxriserid.eu

Customer Support

 

Operations and Customer Support
Eberhard Mühlfeld

+49.30.236 0769-45

+49.30.236 0769-11
support@xxriserid.eu