1. Service providers
Trusted Shops uses the German hosting provider Anexia and Amazon Web Services (AWS) as its infrastructure providers. AWS is also used for the rapid delivery of web assets, such as review stickers or the Trustbadge.
Anexia meets the most stringent data protection and security requirements. It has been certified in accordance with ISO/IEC 27001:2005 since September 2012 and ISO/IEC 27001:2013 since November 2015. All data are processed exclusively in Germany at the locations in Frankfurt and Munich. For more information on Anexia's security standards, please follow this link:
The AWS data centres meet the most stringent security and data protection requirements. They have been tested, among others, in accordance with the following standards:
- The German Federal Office for Information Security (BSI – Bundesamt für Sicherheit in der Informationstechnik) C5 standard
- ISO/IEC 27001:2013 (where ISO stands for the International Organization for Standardization)
- SOC 1, SOC 2, SSAE 16/ISAE 3402 (SAS 70 Type II)
- PCI compliance Level 1
The data centres are located in Frankfurt am Main. Current information on the security arrangements of AWS can be found at https://aws.amazon.com/de/region-frankfurt/.
Dispatch of e-mails
Trusted Shops uses Mailjet SAS and AWS for sending transaction e-mails.
Mailjet operates its servers exclusively in the EU and meets stringent data protection requirements. Mailjet is a member of the Certified Senders Alliance (CSA) and commits to comply with stringent legal and technical quality standards.
Current information on the protection of personal data at Mailjet can be found at https://www.mailjet.com/privacy-policy/?_ga=2.57373352.325749057.1530778682-1383273496.1530778682.
2. Pseudonymisation and encryption
Personal data are pseudonymised prior to transmission to enable the Trustbadge to compare them with those contained in the Trusted Shops system.
State-of-the-art transport encryption is used for the transmission of personal data. Passwords are stored in encrypted form with state-of-the-art technology. Personal data in AWS data centres is stored in encrypted form with state-of-the-art technology.
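The pseudonymised comparison described above, as an added example that is not Trusted Shops' code: the page does not state which pseudonymisation method is used, so a keyed hash (HMAC-SHA256) over a normalised e-mail address is assumed here, with constructed sample data. The shop side sends only the pseudonym, and the server matches it against the pseudonyms it already holds, so raw addresses never leave the page.

```python
import hashlib
import hmac
import unicodedata

# Assumption: a secret shared by the pseudonymising parties. Constructed value.
PSEUDONYMISATION_KEY = b"example-secret-key-not-for-production"


def normalise_email(email: str) -> str:
    """Canonicalise so the same mailbox always yields the same pseudonym."""
    return unicodedata.normalize("NFKC", email).strip().lower()


def pseudonymise(email: str, key: bytes = PSEUDONYMISATION_KEY) -> str:
    """Keyed hash of the normalised address.

    A plain (unkeyed) SHA-256 of an e-mail address can be reversed by
    hashing guessed addresses; the key removes that risk for anyone who
    sees the pseudonym but not the key.
    """
    data = normalise_email(email).encode("utf-8")
    return hmac.new(key, data, hashlib.sha256).hexdigest()


class ReviewStore:
    """Server side: holds pseudonyms only, never raw addresses."""

    def __init__(self, known_emails):
        self._pseudonyms = {pseudonymise(e) for e in known_emails}

    def matches(self, pseudonym: str) -> bool:
        return pseudonym in self._pseudonyms


# Constructed sample data: buyers already known to the review system.
KNOWN_BUYERS = ["Alice@Example.com", "bob@example.org"]


def badge_lookup(email_seen_in_shop: str, store: ReviewStore) -> bool:
    """Client side: only the pseudonym is transmitted for comparison."""
    return store.matches(pseudonymise(email_seen_in_shop))


if __name__ == "__main__":
    store = ReviewStore(KNOWN_BUYERS)
    print(badge_lookup(" alice@example.com ", store))  # True
    print(badge_lookup("carol@example.net", store))    # False
```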
Measures designed to deny unauthorised persons (physical) access to equipment used for processing personal data.
Trusted Shops takes the following measures to ensure that unauthorised persons do not gain access to data processing systems in which data is processed:
- Key control / key list
- Chip card/transponder locking system
- Offices with a resistant outer shell
- Security locks
- Security and locking services
- Employee training with regard to secure behaviour in security zones
- Keeping a visitor’s log
Data processing and storage take place on the premises of AWS in Frankfurt and in Anexia data centres in Frankfurt and Munich. The location of all the data centres is secret. They all have clearly defined security concepts.
Except for the access options provided to administrators and moderators as agreed with the client, access to the data centres in which the client's data are stored is impossible for employees of the contractor. No data processing takes place outside the data centre. Therefore, to document the equipment access control measures, the technical and organisational measures at the relevant AWS and Anexia data processing locations are described.
Access to the data centres is strictly controlled by all server and database service providers. The implemented measures include, among others:
- Video surveillance of the data centres and the surrounding area
- Movement sensors, intruder alarm system and security for the premises
- Division into safety zones / restricted areas
- Identity check by the gatekeeper or security service
- Full documentation and regular verification of any access granted
Measures designed to prevent the use of processing systems by unauthorised persons. In contrast to the equipment access control measures, these measures are intended, in particular through state-of-the-art encryption procedures, to prevent unauthorised persons from intruding into the electronic data-processing system. They also include measures designed to ensure that any attempt at unauthorised access does not go unnoticed.
To ensure this, Trusted Shops implements, among others, the following measures:
- Assignment of user rights
- Assignment of user profiles to IT systems
- Authentication with individual username/password
- Use of VPN technology
- Encryption of data carriers
- Use of anti-virus software
- Use of a hardware firewall
- Password policy
- Regulations for dealing with user credentials in a secure manner
- Regulations for ensuring security in the workplace
Depending on the scope of services, data are processed either exclusively on the platform operated by AWS or in a mixed manner by both AWS and Anexia. Data can only be accessed via the functions provided (administration interfaces, web applications) to authorised persons.
All employees of Trusted Shops, AWS, and Anexia are contractually bound to data secrecy and to observe the respective internal security regulations, according to which they must lock the screen when leaving their workstation. Among others, the following security mechanisms are also used by the client's service providers:
- Password policies and procedures (minimum length, complexity)
- Electronic access control (two-factor authentication)
- Protection of notebooks and mobile data storage devices using hardware encryption
- Keeping a log of all essential administration activities and transactions
- Technical and organisational procedures in case of incidents or attacks
Measures designed to ensure that persons authorised to use processing systems have access only to the personal data covered by their access authorisation (data access control), measures to prevent the unauthorised reading, copying or modification of data media, in particular through the use of state-of-the-art encryption procedures (data media control), as well as measures designed to ensure that any attempt at unauthorised access does not go unnoticed.
To ensure data access control, Trusted Shops takes, among others, the following measures:
- Authorisation concept
- Administration of rights by system administrators
- Number of administrators reduced to the absolute minimum that is necessary
- Password guidelines including password complexity
- Keeping a log of access to applications, especially during data entry, modification and deletion
- Physical deletion of data carriers prior to reuse
- Proper destruction of data carriers (DIN 66399)
- Use of document shredders and/or external service providers
- Keeping a log of destruction procedures
- Encryption of data carriers in laptops
- Withdrawal of access rights in the event an employee leaves the company
Data access and data media control measures involve various systems that enable security analysis, change tracking, and regulatory compliance monitoring. In addition, Trusted Shops, AWS, and Anexia provide employees with differentiated authorisations. User administration and allocation to groups take place using Active Directory. Each group has a role on which access control depends. Access to files that are not included in the access authorisation is not possible.
Among others, the following mechanisms are used:
- Dedicated access levels (profiles, roles, transactions, and objects)
- Client separation
- Access evaluation
- Notification of role changes
- Immediate deactivation of accounts when employees leave the company
Measures designed to ensure that personal data cannot be read, copied, altered, or deleted without authorisation during electronic transmission, transport or storage on data carriers, in particular through the use of state-of-the-art encryption methods, as well as measures to ensure that data carriers containing personal data are transported to a shredder only in closed containers and in closed vehicles, so that no material can be lost. These measures include:
- Storage, transfer and transport on mobile data carriers is not permitted
- The ways of data transfer via the Internet are agreed individually with the client.
- Data carriers of the client are not used.
- Use of encryption processes in accordance with the state-of-the-art when saving personal data in AWS databases.
- Apart from the data access and media control options provided to administrators in agreement with the client, employees of the contractor are unable to access the client's data.
- The disposal of data media is carried out by a certified service provider.
- Installation of dedicated lines or VPN tunnels
- Use of encrypted transfer methods, e.g. SFTP
- Password-protected files
- In the event of physical transportation: careful selection of transportation personnel
- Regulations on information classification and handling
Measures designed to ensure that it is subsequently possible to verify and establish whether and by whom personal data have been entered into, modified, or removed from data processing systems.
The client’s transmitted data are recorded by the platform in an audit-proof manner. Any subsequent modification or deletion of the client's data is also recorded by the platform. Employees of the contractor have access to the required data only within the framework of the agreement with the client and within the scope of their function (e.g. moderation of feedback).
- Logging of the entry, alteration and deletion of data
- Traceability of entry, alteration and deletion of data by individual user names
- Deletion of data only possible with the corresponding authorisation
Measures designed to ensure that personal data processed on behalf of the controller can only be processed in compliance with the controller's instructions. These measures include:
- Clear contract design
- Details of data processing on behalf of the controller can be found in the corresponding contract
- Contracts on data processing have been concluded with all subcontractors, whereby the requirements of the initial client (i.e. the controller) are also transferred to the subcontractors.
- Selection of the contractor taking certain key points into consideration
- Audit and documentation of the security measures taken by the contractor
- Written instructions for the contractor (e.g. by means of an order processing agreement) within the meaning of Art. 28 GDPR
- Agreement of effective control rights with regard to the contractor
Measures designed to ensure that personal data collected for different purposes can be processed separately (storage, modification, deletion, transmission). Among others, the following measures are implemented:
- Data are imported into the system and displayed according to their intended use.
- Separation of data by client / customer
- Separation of functions / production environment / test environment
- Creation of an authorisation concept
Measures designed to ensure that personal data are available and protected against accidental loss and destruction and that systems may, in the case of malfunctions, be restored.
To ensure this, Trusted Shops takes, among others, the following measures:
- Redundant data centres
- Alarm signals in the event of unauthorised access to server rooms
- Redundant and uninterruptible power supply
- Equipment to monitor temperature and humidity in server rooms
- Backup and recovery concept
- Air conditioning in server rooms
- Rapid recoverability
- Overvoltage protection
- Storage of data backup at a secure, external location
- Fire and smoke alarm systems, fire extinguishers in server rooms
- Firewall/anti-virus protection
- Server rooms not located close to water/wastewater systems
- Regular stress tests by independent testing organisations
- Data centre with a resistant outer shell
At AWS, the platform is operated across several availability zones. By distributing the platform across multiple availability zones, the system remains available during most types of failure, including natural disasters or system failures.
For more detailed measures please follow this link:
At Anexia, primary and backup systems are also spatially separated. This spatial separation allows production operation to be restored within a short time in most cases of failure.
In general, the measures in this subsection include, among others:
- Automatic backup systems with regular recovery tests
- Daily snapshots of system configurations
- RAID data mirroring for hard drives
- Uninterruptible power supply (UPS)
- Antivirus measures / firewall technology
- Fire protection systems in accordance with applicable regulations
- Redundant cooling systems
With regard to privacy by default and privacy by design, the Trusted Shops products are generally developed in such a way that only personal data that are actually required to fulfil the respective purpose are collected.
With regard to the scope of application of the contract on data processing on behalf of the controller, this means that, when the Review Collector or the automatic review collection feature is used, only personal data that are actually necessary for the sending of review reminders and the validation of customer reviews are collected. Further personal data, such as names, are always optional and are processed by Trusted Shops only if specifically instructed to do so by the client.
Trusted Shops GmbH has appointed an internal IT security officer whose main tasks include the development, implementation, and monitoring of an information security management system.
A risk analysis is regularly carried out by the IT security officer in cooperation with the employees in charge of IT in order to assess the current threat level and determine measures to be taken.
The results of the regular automated vulnerability scans are reviewed and acted upon by the IT security officer. The Trusted Shops GmbH systems are periodically checked for vulnerabilities by an external service provider.