“We have been convinced once again that the BKMS® Compliance System ensures the safety and confidentiality of personal data by means of an extraordinarily high level of data security and highly differentiated access rights. This award confirms that the stand-alone application meets the world's highest certifiable data protection standard.“

– Sebastian Meissner, Head of the EuroPriSe Certification Authority

"With the BKMS® Incident Reporting, Business Keeper has succeeded in developing an intelligent whistleblowing solution that conforms to data protection laws and takes into consideration the data protection interests of all involved parties. This was already confirmed when the system was awarded EuroPriSe certification. Seeing more companies display the engagement and energy that Business Keeper does when it comes to pro-actively committing themselves to data protection would be a delight."

– Kirsten Bock, former Head of Division, Independent Regional Centre for Data Protection (ULD)

„In our opinion, the data protection measures in the BKMS® Incident Reporting really put this whistleblower system ahead of the pack.“

– Dr. Irene Karper (datenschutz cert)

"Business Keeper has been exemplary in implementing transparency in data handling processes, technical and organisational measures, and in protecting the whistleblowers, using a data protection function and comprehensive, trust-building information."

– Dr. Thilo Weichert, at that time ULD Director

"The fact that the BKMS® Compliance System was awarded the European Privacy Seal is a clear sign to our clients and to the whistleblowers themselves that we take data protection very seriously when it comes to such a sensitive topic as reporting on grievances and cases of corruption. The EuroPriSe Seal, which takes into consideration legal aspects of data protection, is an excellent addition to the technical security certificates already awarded to the BKMS® Compliance System.“

– Kenan Tur, Founder and Director of Business Keeper AG
contact

Data protection and information security

Data protection and information security are the foundations of the BKMS® Compliance System.

Protection of the data and users of the BKMS® Compliance System is our highest priority. Accordingly, we never at any time have access to the report and case data of our customers and their whistleblowers. This is regularly verified on a voluntary basis through external audits by independent bodies. In addition to designing the BKMS® Compliance System to be amenable to the implementation of data protection requirements, we also support our customers with best practice information on how to use the whistleblowing system in compliance with the principles of data protection.

The following certifications confirm the outstanding data protection and information security level of the BKMS® Compliance System. These symbolically represent the high standards that we place on our company and the BKMS® Compliance System.

European Privacy Seal

The European Privacy Seal (EuroPriSe) certifies conformity with European data protection law. In a multi-stage evaluation and certification process by independent IT and legal experts, the data protection conformity of the BKMS® Compliance System was compared against the applicable, publicly viewable criteria based on the EU General Data Protection Regulation (EU GDPR).

Within the scope of the certification process, the technical and organisational measures for data security and data protection were deemed to have exceeded legal requirements.

The seal is valid for two years and includes regular monitoring every eight months by the independent IT and legal experts and the EuroPriSe certification body. Since the initial certification carried out in 2013, the BKMS® Incident Reporting has been successfully recertified every two years. In 2020, the certification could be successfully expanded to the modules BKMS® Translation, BKMS® VoiceIntake, BKMS® Case Management, BKMS® Third Party and BKMS® Business Approvals.

With its various modules, the BKMS® Compliance System is the most comprehensive and first compliance solution worldwide, which is certified according to the strict EuroPriSe criteria.

To our EuroPriSe certificate

ISO 27001 Certification

The information security management system (ISMS) of Business Keeper GmbH has been certified according to ISO 27001. The scope of the certification covers the secure operation of the BKMS® Compliance System. Special attention was paid here to the secure software development as well as high availability in the operation of the BKMS® Compliance System. The BKMS® Compliance System therefore verifiably satisfies higher standards for data security than systems of other providers, which generally only obtain certification according to ISO 27001 for the ISMS of the high-security data centre.

The internationally established standard ISO 27001 specifies requirements for a comprehensive information security management system in organisations that is intended to ensure the availability, integrity and confidentiality of information. The process begins with an analysis of potential threats to IT systems and information. This is followed by the definition and implementation of the necessary technical and organisational security measures. The established security measures for maintaining and continually improving the IT security of the organisation are regularly evaluated and updated.

To our 27001 ISO certificate

Penetration testing

For quality assurance, penetration tests are regularly performed by external and internationally known security service providers. These tests confirm that there are no known security weaknesses in the BKMS® Compliance System. A current confirmation of the regular testing is open to public inspection at all times.

To the confirmation of the penetration testing

Other security measures in the BKMS® Compliance System

High-security data centre

The BKMS® Compliance System is operated on closed servers in a tier 3+ high-security data centre which offers above-average physical security. The data centre is certified according to ISO 27001:2013. The administration and maintenance of the BKMS® servers is solely the responsibility of the internal IT experts of Business Keeper GmbH.

Server certificate

The BKMS® server features an extended server validation certificate that clearly and securely verifies their legitimacy. This ensures that all reports and correspondence take place over a clearly indicated TLS connection. TLS secures the communication between the browser of the customer or whistleblower and the BKMS® server by means of standardised cryptographic mechanisms.

Secure data transmission and data retention

The security-critical data transmission between whistleblowers or report examiners and the BKMS® Incident Reporting is protected by an https connection. The whistleblower and examiner area are strictly separated on the server; the data processing of the systems operated for customers is separate. The strong encryption in the BKMS® Compliance System intensifies this separation, making wrongful amalgamation of the data impossible.

Logging and cookies

The BKMS® Incident Reporting does not log IP address data, time stamps or metadata relating to its use by whistleblowers.

During use of the BKMS® Incident Reporting, the server is not capable of uniquely identifying the client (the user’s computer). In order to be able to clearly identify the client during a session, the application transmits a session cookie to the user’s computer. This session cookie is only used for the current connection and only has an identification number for the session in progress. This cookie is deleted once the browser is closed. This session number bears no relation to the whistleblower or the data being submitted and is only necessary for technical reasons.

Contract data processing for our customers

Although we do not have access to the reports of our customers, including any file attachments, we are a processor in the sense defined by Art. 28 of the EU GDPR. We therefore fulfil all technical and organisational measures required of controllers and processors according to Art. 32 EU GDPR for secure processing. Our data protection and IT security team supports customers in meeting the data protection requirements arising from the contract-based processing.

Privacy Settings

Datenschutzeinstellungen

Paramètres de confidentialité

Configuración de privacidad

Configurações de privacidade

Impostazioni sulla privacy

Ustawienia prywatności

Nastavení ochrany osobních údajů

Nastavenia ochrany osobných údajov

On our website we use cookies that are necessary for technical reasons, for example to save your cookie settings and, after you have provided your consent, also marketing cookies, which help us to improve our web presence and implement advertising campaigns.

In this regard, we also use technology by third-party providers (Google, LinkedIn, Microsoft), with which data processing in the USA, where there is no adequate level of data protection, cannot be excluded. IP address data is anonymised by abbreviation.

Your consent is provided on a voluntary basis and may be revoked at any time. Please note that this information applies only to our company website. In order to guarantee absolute confidentiality, we still do not use third-party provider cookies or other marketing technologies in the BKMS® Compliance System.

You can find more information in the data protection policy.

Auf unserer Webseite verwenden wir technisch notwendige Cookies, etwa zur Speicherung Ihrer Cookie-Einstellungen und, nach Ihrer Einwilligung, auch Marketing Cookies, die uns helfen, unseren Internetauftritt zu verbessern sowie Werbekampagnen durchzuführen.

Dabei nutzen wir auch Technologien von Drittanbietern (Google, LinkedIn, Microsoft), bei denen eine Datenverarbeitung in den USA, wo kein angemessenes Datenschutzniveau gewährleistet ist, nicht ausgeschlossen werden kann. IP-Adressdaten werden durch Kürzung anonymisiert.

Ihre Einwilligung ist freiwillig und jeder Zeit widerrufbar. Bitte beachten Sie, dass dieser Hinweis nur für unsere Unternehmenswebseite gilt. Zur Gewährleistung absoluter Vertraulichkeit verwenden wir im BKMS® Compliance System weiterhin weder Drittanbieter-Cookies noch sonstige Marketing Technologien.

Weitere Informationen finden Sie im Datenschutzhinweis.

Sur notre site web, nous utilisons des cookies techniquement nécessaires par exemple pour enregistrer vos réglages en matière de cookies et, après avoir reçu votre consentement, également des cookies de marketing qui nous aident à améliorer notre présence sur Internet et à réaliser des campagnes publicitaires.

Nous utilisons aussi des technologies de fournisseurs tiers (Google, LinkedIn, Microsoft) au cours de l’emploi desquelles ne peut être exclu un traitement des données aux États-Unis, pays où aucun niveau raisonnable de protection des données n’est garanti. Les données d’adresse IP sont tronquées pour les anonymiser.

Votre consentement est facultatif et révocable à tout moment. Veuillez noter que cette remarque ne vaut que pour notre site web d’entreprise. Pour garantir une confidentialité absolue et comme par le passé, nous n’utilisons dans le BKMS® Compliance System ni cookies de tiers ni technologies de marketing diverses.

Vous trouverez d’autres informations dans l’avis relatif à la protection des données.

En nuestra página web utilizamos cookies técnicamente necesarias, como las que se usan para almacenar sus ajustes de cookies, y, tras recabar su consentimiento, utilizamos también cookies de marketing que nos ayudan a mejorar nuestro sitio web y a llevar a cabo campañas publicitarias.

Para ello, hacemos uso también de tecnologías de terceros (Google, LinkedIn, Microsoft), en cuyo caso no se puede descartar que el tratamiento de datos se lleve a cabo en los EE. UU., donde no se garantiza un nivel adecuado de protección de datos. Los datos de las direcciones IP se anonimizan mediante acortamiento.

Su consentimiento es voluntario y puede ser revocado en cualquier momento. Tenga en cuenta que este aviso solo es de aplicación para la página web de nuestra empresa. Para garantizar una confidencialidad absoluta, en el BKMS® Compliance System no utilizamos cookies de terceros ni otras tecnologías de marketing.

Puede encontrar más información en el aviso de protección de datos.

Na nossa página de internet, utilizamos cookies necessários do ponto de vista técnico, por exemplo, para o armazenamento das suas definições de cookies e, após a sua autorização, também cookies de marketing que nos ajudam a melhorar a nossa presença na internet , bem como a realizar campanhas publicitárias.

No processo utilizamos também tecnologias de outros fornecedores (Google, LinkedIn, Microsoft), nos quais não é possível excluir um tratamento de dados nos EUA, onde não é garantido um nível de proteção de dados adequado. Os dados do endereço IP são anonimizados através de redução.

A sua autorização é voluntária e revogável em qualquer altura. Por favor, tenha em consideração que esta mensagem só é válida para a página de internet da nossa empresa. Para garantir absoluta confidencialidade, continuaremos a não utilizar no BKMS® Compliance System nem cookies de outros fornecedores nem outras tecnologias de marketing.

Encontrará mais informações no aviso relativo à proteção de dados

Sul nostro sito web utilizziamo cookie necessari dal punto di vista tecnico, ad esempio per salvare le impostazioni dei cookie e, se l'utente ha fornito il suo consenso, utilizziamo anche cookie di marketing che ci aiutano a migliorare il nostro sito web e realizzare campagne pubblicitarie.

A tale scopo, utilizziamo anche tecnologie di terze parti (Google, LinkedIn, Microsoft) per le quali non è possibile escludere il trattamento dei dati negli Stati Uniti, dove non è garantito un livello adeguato di protezione dei dati. I dati dell'indirizzo IP vengono resi anonimi mediante abbreviazione.

Il consenso dell'utente è volontario e revocabile in qualsiasi momento. Questo avviso si applica solo al nostro sito web aziendale. Per garantire la massima riservatezza, non utilizziamo nel BKMS® Compliance System né cookie di terze parti né altre tecnologie di marketing.

Maggiori informazioni sono disponibili nell'informativa sulla protezione dei dati.

Na naszej stronie wykorzystujemy niezbędne technicznie pliki cookie, np. do zapisywania ustawień cookie, oraz – po wyrażeniu zgody, również cookie marketingowe pomagające nam ulepszać naszą witrynę internetową oraz prowadzić kampanie reklamowe.

Wykorzystujemy przy tym również technologie od dostawców zewnętrznych (Google, LinkedIn, Microsoft), w przypadku których nie można wykluczyć przetwarzania danych na terenie USA, gdzie nie jest zapewniony dostatecznie wysoki poziom ochrony danych. Adresy IP są anonimizowane poprzez skrócenie.

Udzielana zgoda jest dobrowolna i można ją odwołać w dowolnym momencie. Prosimy pamiętać, że ta informacja dotyczy całej naszej strony. Dla zapewnienia pełnej poufności w BKMS® Compliance System nadal nie stosujemy plików cookie dostawców zewnętrznych ani innych technologii marketingowych.

Więcej informacji można znaleźć w informacji o ochronie danych.

Na našich webových stránkách používáme technicky nezbytné soubory cookie, například k uložení vašeho nastavení souborů cookie, a s vaším souhlasem také marketingové soubory cookie, které nám pomáhají vylepšovat naše webové stránky a provádět reklamní kampaně.

Při tom používáme technologie třetích stran (Google, LinkedIn, Microsoft), u nichž nelze vyloučit zpracování dat v USA, kde není zaručena adekvátní úroveň ochrany dat. Data IP adresy jsou anonymizována zkrácením.

Váš souhlas je dobrovolný a můžete jej kdykoli odvolat s účinkem do budoucna. Vezměte prosím na vědomí, že toto upozornění se vztahuje pouze na webové stránky naší firmy. Abychom zajistili absolutní důvěrnost, v systému BKMS® Compliance System nadále nepoužíváme žádné soubory cookie třetích stran ani jiné marketingové technologie.

Další informace naleznete v informacích k ochraně dat.

Používame technicky potrebné súbory cookies, napríklad na úschovu vašich nastavení cookie, a s vašim súhlasom tiež marketingové súbory cookies, ktoré nám pomáhajú zlepšovať našu webovú stránku a uskutočňovať reklamné kampane.

Používame tiež technológie od tretích strán (Google, LinkedIn, Microsoft), pre ktoré nemožno vylúčiť spracovanie údajov v USA, kde nie je zaručená primeraná úroveň ochrany údajov. Údaje IP adresy sú anonymizované skrátením.

Váš súhlas je dobrovoľný a je možné ho kedykoľvek odvolať. Upozorňujeme, že toto oznámenie sa týka iba webových stránok našej spoločnosti. Aby sme zaistili absolútnu dôvernosť, v BKMS® Compliance System naďalej nepoužívame súbory cookies tretích strán ani iné marketingové technológie.

Ďalšie informácie nájdete v oznámení o ochrane osobných údajov.

Show detailed settings Ausführliche Einstellungen anzeigen Montrer des paramètres détaillés Mostrar configuración detallada Apresentar configurações detalhadas Mostra le impostazioni dettagliate Pokaż szczegółowe ustawienia Zobrazit podrobná nastavení Zobraziť podrobné nastavenia Hide detailed settings Detaileinstellungen ausblenden Cacher les paramètres détaillés Ocultar los ajustes detallados Apresentar configurações detalhadas Nascondi le impostazioni dettagliate Ukryj szczegółowe ustawienia Ukryj szczegółowe ustawienia Ukryj szczegółowe ustawienia