Data Transfer Control. The transmission of personal or other confidential data occurs with transport encryption or higher. HWD has an internal policy concerning the use of cryptographic methods, with clear definitions about which cryptographic methods are permissible in which constellation and with which technical specifications. HWD thereby follows the guidelines of the German Federal Office for Information Security (BSI), as well as those of the US National Institute of Standards and Technology (NIST). Furthermore, HWD recommends the use of file-based encryption for the customer communication, whe- never personal data is transferred. This way, even the temporary storage of data on HWD or the custo- mer side is secured. This method requires, however, that the customer has the technical capacity to receive or transmit such an encrypted file. Insofar as HWD identifies this possibility with the customer, HWD will use such a method of file-based encryption, in coordination with the customer. HWD follows a standard process for the storage, deletion, and physical destruction of data media. The data media, their safe storage location, as well as their consecutive return, deletion, or destruction, are logged accordingly. The destruction security level is H-4 according to the DIN standard 66399-2. The shipping of personal data follows the strict conditions and safeguards provided for by law. Mobile data media with personal data are only stored in secured premises, and, if not in use, in a safe. Data which are no longer required for the provisioning of an order, e.g., blocked data, are stored in a sepa- rate, access-protected storage area. The repair and disposal of data media or hardware occur only by appropriately liable and certified companies. The same holds true for the disposal of data on paper.
Appears in 3 contracts
Sources: Data Processing Agreement, Data Processing Agreement, Data Processing Agreement