Business Keeper AG secures the privacy and security of data and of the BKMS® System user, and in particular ensures the whistleblower’s anonymity; both of these are subject to regular certification. Business Keeper AG has no access to the contents of customers’ or whistleblowers’ report data. Therefore, customers are responsible for compliance with data protection and data security with regard to their reports in the BKMS® System.
Encryption
The BKMS® System uses an asymmetric cryptosystem to encrypt all whistleblowing reports. This encryption method is extremely safe, and Business Keeper AG voluntarily has it certified by an independent specialist on a regular basis. In addition, the BKMS® System is subjected to periodic penetration testing by independent experts.
Host
The production systems are operated exclusively in a high-security data center at T-Systems that is subject to separate technical and organizational measures. The measures and solutions that T-Systems operates for data security and data protection meet the highest standards of information security, as specified in the ISO 17799/27001 basic requirement.
Server security
The BKMS® System application is run on dedicated servers in a high-security data center, in which the European Central Bank also has its servers. A recent SAS 70 report for the data center is available. The administration and maintenance of the server rest solely with Business Keeper AG.
Security-relevant data transmission between the whistleblower / examiner and the system is protected by an SSL server certificate. The certificate was issued by Deutsche Telekom AG (T-TeleSec Trust Center).
Recording
No IP address data, time stamps or metadata are recorded in Business Keeper AG’s patent-pending system.
Cookies
While the BKMS® System is in use, the server is not able to clearly recognize the client (the user’s computer). In order to clearly assign a session to a client, a small file (null cookie) is transmitted to the user’s computer. This cookie contains only an identification number for the current session and becomes invalid at the end of the session (i.e. when exiting the server). This session number is totally unrelated to the report data and is only necessary for programming reasons. The content of the cookie is completely harmless and contains no data of the whistleblower or any part of a report.
Attachments
Some customers’ BKMS® Systems allow attachments, but this is not mandatory. These files are not checked or altered by us.
Customer data protection
Our clients have exclusive access to the whistleblower reports and can save these on their internal servers. If a customer has its main or branch office in a third country, the data from the BKMS® System is stored and processed there. Customers are responsible for compliance with data protection and data security with respect to their reports from the BKMS® System. To enforce your rights as an affected person, please contact the customer directly as the responsible party.
Certification
Business Keeper AG currently submits voluntarily to a data privacy and data security review at both the federal and European level to certify the legal conformity of the BKMS® System.
The BKMS® System will be certified by the Independent Centre for Privacy Protection Schleswig-Holstein (ULD). Approval by the ULD certifies that the compatibility of a product with the rules concerning data protection and data security was ascertained in a formal procedure. Based on this, the ULD recommends the products to public authorities in the state of Schleswig-Holstein. Other federal states in Germany also recommend the use of products with the ULD seal of approval. The second certification authority is EuroPriSe (European Privacy Seal). EuroPriSe is an EU certification and confirms a product or service's compliance with European data protection laws.
Contact partners
The contact person at Business Keeper AG for all issues regarding data protection, and the internal data protection officer (DSB-TÜV), is Mrs. Maren Fink, email: m.fink[at]business-keeper.com.