1. Service providers
Trusted Shops uses the German hosting provider Anexia and Amazon Web Services (AWS) as its infrastructure providers. AWS is also used for the rapid delivery of web assets, such as review stickers or the Trustbadge.
Anexia meets the most stringent data protection and security requirements. It has been certi-fied in accordance with ISO/IEC 27001:2005 since September 2012 and ISO/IEC 27001:2013 since November 2015. All data are processed exclusively in Germany at the locations in Frankfurt and Munich. For more information on Anexia's security standards please follow this link:
- The German Federal Office for Information Security (BSI – Bundesamt für Sicherheit in der Informationstechnik) C5 standard
- ISO/IEC 27001:2013 (where ISO stands for the International Organization for Standardization)
- SOC 1, SOC 2/SSAE 16/ISAE 3402 (SAS 70 Type II)
- PCI compliance Level 1
The datacenters are located in Frankfurt am Main. Current information on the security ar-rangements of AWS can be found at https://aws.amazon.com/de/region-frankfurt/.
The solution used to handle end-customer enquiries is the Zendesk ticketing system. Zendesk stores data in AWS data centres in the EU, fulfils the highest security requirements and has established Binding Corporate Rules approved by the competent data protection authority. Further information can be found at:
Trusted Shops uses the following subprocessors for the listed processing activities:
|Subprocessor||Processing activities||Server location||Appropriate Safeguards||Applicable services|
Amazon Web Services (AWS)
410 Terry Avenue North, Seattle WA 98109-5210, USA
|Hosting||Frankfurt a.M., Germany||Processing in the EU + Standard Contractual Clauses||All services|
Amazon Web Services (AWS)
410 Terry Avenue North, Seattle WA 98109-5210, USA
|Email dispatch||Dublin, Ireland||Processing in the EU + Standard Contractual Clauses||Review invites|
|ANEXIA Internetdienstleistungs GmbH, Feldkirchener Straße 140, 9020 Klagenfurt am Wörtersee, Österreich||Hosting||Frankfurt a.M. and Munich, Germany||Only when using the quality seals and guarantee services|
1019 Market Street
San Francisco, CA 94103
|Endkundensupport||EU||Processing in the EU + Binding Corporate Rules||
|IBM corporation c/o Instana | 71 S Wacker Drive | 7th Floor Chicago | IL 60606 | USA||Monitoring and Logging||EU, USA||Standard Contractual Clauses||Review invites, use of the review platform (incl. Submission of a review, display of a review and comments)|
|Logshero Ltd. (Logz.io), 28 Ha’arba’a St., Tel Aviv, Israel, 6473925||Logging||Israel, EU, USA||Adequacy decision, Standard Contractual Clauses||Review invites, use of the review platform (incl. Submission of a review, display of a review and comments)|
MARA Solutions GmbH
|Smart Review Assistant||EU||Use of the review platform (incl. Submission of a review, display of a review and comments)|
2. Pseudonymisation and encryption
Personal data are pseudonymised prior to transmission to enable the Trustbadge to compare them with those contained in the Trusted Shops system.
The trust badge is used to offer the rating services and, if applicable, buyer protection services. Whether a buyer is already registered for a product is automatically checked by means of a neutral parameter, the email address hashed by cryptological one-way function. The e-mail address is converted before transmission into this hash value, which cannot be decrypted by Trusted Shops with regard to users who are not contractual partners of Trusted Shops. The parameter is automatically deleted after checking for a match.
State-of-the-art transport encryption is used for the transmission of personal data. Passwords are stored in hashed form according to the current state of the art. Personal data stored in AWS and Zendesk data centres is encrypted using state-of-the-art technology where necessary and appropriate to the risk.
Data in backups is encrypted.
3. Confidentiality and integrity
Equipment access control
Measures designed to deny unauthorised persons (physical) access to equipment used for processing personal data.
Trusted Shops takes the following measures to ensure that unauthorised persons do not gain access to data processing systems in which data is processed:
- Access Policy and Security Zones
- Key Control / key list
- Chip card/transponder locking system
- Offices with a resistant outer shell
- Security locks
- Security and locking services
- Employee ID cards with photo
- Employee training with regard to secure behaviour in security zones
- Keeping a visitor’s log
Data processing and storage at AWS take place in the premises of AWS Frankfurt and in Anexia data centres in Frankfurt and Munich. The location of all the data centres is secret. They all have clearly defined security concepts.
Except for the access options provided to administrators and moderators as agreed with the client, access to the data centres in which the client's data are stored is impossible for employees of the contractor. No data processing takes place outside the data centre. Therefore, to document the equipment access control measures, the technical and organisational measures at the relevant AWS and Anexia data processing locations are described.
Access to the data centres is strictly controlled by all server and database service providers. The implemented measures include, among others:
- Video surveillance of the data centres and the surrounding area
- Movement sensors, intruder alarm system and security for the premises
- Division into safety zones / restricted areas
- Identity check by the gatekeeper or security service
- Full documentation and regular verification of any access granted
User access control
Measures designed to prevent the use of processing systems by unauthorised persons. In contrast to the equipment access control measures, these measures are, in particular via state-of-the-art encryption procedures, meant to prevent the intrusion into the electronic data-processing system by unauthorised persons. They also include measures designed to ensure that any attempt of unauthorised access does not go unnoticed.
To ensure this, Trusted Shops implements, among others, the following measures:
- Assignment of user rights
- Assignment of user profiles to IT systems
- Authentication with individual username/password
- Use of VPN technology
- Encryption of data carriers
- Use of anti-virus software
- Use of a hardware firewall
- Password policy (minimum length, complexity, occasion-related change)
- Regulations for dealing with user credentials in a secure manner
- Regulations for ensuring security in the workplace
Depending on the scope of services, data are processed either exclusively on the platform operated by AWS or in a mixed manner by both AWS and Anexia. Data can only be accessed via the functions provided (administration interfaces, web applications) to authorised persons.
All employees of Trusted Shops, AWS, and Anexia are contractually bound to data secrecy and to observe the respective internal security regulations, according to which they must lock the screen when leaving their workstation. Among others, the following security mechanisms are also used by the client's service providers:
- Password policies and procedures (minimum length, complexity)
- Electronic access control (two-factor authentication)
- Protection of notebooks and mobile data storage devices using hardware encryption
- Keeping a log of all essential administration activities and transactions
- Technical and organisational procedures in case of incidents or attacks
Data access and data media control
Measures designed to ensure that persons authorized to use processing systems have access only to the personal data covered by their access authorisation (data access control), measures to prevent the unauthorised reading, copying or modification of data media, in par-ticular through the use of state-of-the-art encryption procedures (data media control), as well as measures designed to ensure that any attempt of unauthorised access does not go unnoticed.
To ensure data access control, Trusted Shops takes, among others, the following measures:
- Authorisation concept
- Dedicated access levels (profiles, roles, transactions and objects)
- Administration of rights by system administrators
- Number of administrators reduced to the absolute minimum that is necessary
- Keeping a log of access to applications, especially during data entry, modification and deletion
- Encryption of data carriers in laptops
- Withdrawal of access rights in the event an employee leaves the company
- Regular review of the assigned access authorisations
Data access and data media control measures involve various systems that enable security analysis, change-tracking, and regulatory compliance monitoring. In addition, Trusted Shops, AWS, and Anexia provide employees with differentiated authorisations. User administration and allocation to groups takes place using an Active Directory. Each group has a role on which access control depends. Access to files which are not included in the access authorisa-tion is not possible.
Measures designed to ensure that personal data cannot be read, copied, altered, or deleted without authorisation during electronic transmission, transport or storage on data carriers, in particular through the use of state-of-the-art encryption methods, as well as measures to en-sure that data carriers containing personal data are transported to a shredder only in closed containers and in closed vehicles, so that no material can be lost. These measures include:
- Network security policy and measures implemented
- Logging and audit logs for network/system/application events to monitor or investigate anomalies
- Storage, transfer and transport on mobile data carriers is not permitted
- Use of encryption processes in accordance with the state-of-the-art when saving personal data in AWS databases.
- Apart from the data access and media control options provided to administrators in agreement with the client, employees of the contractor are unable to access the client's data.
- certified deletion of data media before reuse (by service providers according to NIST 800-88)
- proper destruction of data media (DIN 66399 taking into account the relevant protection classes and security levels)
- Use of document shredders or data destruction service providers (DIN 66399 taking into account the relevant protection classes and security levels)Logging of the destruction
- Encryption of data carriers in laptops
- Installation of dedicated lines or VPN tunnels
- Use of encrypted transfer methods, e.g. SFTP
- Password-protected files
- In the event of physical transportation: careful selection of transportation personnel
- Regulations on information classification and handling
Measures designed to ensure that it is subsequently possible to verify and establish whether and by whom personal data have been entered into, modified, or removed from data pro-cessing systems.
The client’s transmitted data are recorded by the platform in an audit-proof manner. Any sub-sequent modification or deletion of the client's data is also recorded by the platform. Employ-ees of the contractor have access to the required data only within the framework of the agree-ment with the client and within the scope of their function (e.g. moderation of feedback).
- Logging of the entry, alteration and deletion of data
- Traceability of entry, alteration and deletion of data by individual user names
- Deletion of data only possible with the corresponding authorisation
Measures designed to ensure that personal data processed on behalf of the controller can only be processed in compliance with the controller's instructions. These measures include:
- Clear contract design
- Contracts on data processing have been concluded with all subcontractors, whereby the requirements of the initial client (i.e. the controller) are also transferred to the subcontractors.
- Selection of the contractor taking certain key points into consideration
- Audit and documentation of the security measures taken by the contractor
- Written instructions for the contractor (e.g. by means of an order processing agreement) within the meaning of Art. 28 GDPR
- Agreement of effective control rights with regard to the contractor
Measures designed to ensure that personal data collected for different purposes can be pro-cessed separately (storage, modification, deletion, transmission). Among others, the following measures are implemented:
- Data will be imported into the system and displayed according to their intended use.
- Separation of data by client / customer
- Separation of functions / production environment / test environment
- Creation of an authorisation concept
4. Availability and recovery
Measures designed to ensure that personal data are available and protected against acci-dental loss and destruction and that systems may, in the case of malfunctions, be restored.
To ensure this, Trusted Shops takes, among others, the following measures:
- Backup and recovery concept to ensure rapid recoverability
- Storage of data backup at a secure, external location
- Regular checks on the functionality of the backup & recovery concept
- Redundant data centres
- Alarm signals in the event of unauthorised access to server rooms
- Redundant and uninterruptible power supply
- Devices for monitoring temperature and humidity in server rooms
- Air conditioning in server rooms
- Overvoltage protection
- Fire and smoke alarm systems, fire extinguishers in server rooms
- Firewall/anti-virus protection
- Server rooms not located close to water/wastewater systems
- Data centre with a resistant outer shell
At AWS, the platform is operated over several availability zones. By distributing the platform across multiple availability zones, the system remains stable in most types of failures, includ-ing natural disasters or system failures.
For more detailed measures please follow this link:
At Anexia primary and backup systems are also spatially separated. This spatial separation allows for the system’s productive restoration within a short time in most cases of breakdowns.
In general, the measures in this subsection include, among others:
- Automatic backup systems with regular recovery tests
- Daily snapshots of system configurations
- Raid data mirroring for hard drives
- Uninterruptible power supply (UPS)
- Antivirus measures / firewall technology
- Fire protection systems in accordance with applicable regulations
- Redundant cooling systems
5. Data protection by default / Data protection by design
With regard to privacy by default and privacy by design, the Trusted Shops products are gen-erally developed in such a way that only personal data that are actually required to fulfil the respective purpose are collected.
With regard to the scope of application of the contract on data processing on behalf of the con-troller, this means that, when the Review Collector or the automatic review collection feature are used, only personal data that are actually necessary for the sending of review reminders and the validation of customer reviews are collected. Further personal data, such as names, are always optional and are processed by Trusted Shops only if specifically instructed to do so by the client.
6. Regular verification procedures
IT security officer
Trusted Shops AG has appointed an internal IT security officer whose main tasks include the development, implementation, and monitoring of an information security management system.
Data protection officer
Trusted Shops AG has appointed a corporate data protection officer whose main tasks include the development, implementation, and monitoring of an data protection management system and the regular monitoring of processing activities and data protection measures.
A risk analysis is regularly carried out by the IT security officer in cooperation with the employ-ees in charge of IT in order to assess the current threat level and determine measures to be taken.
The results of the regular automated scans designed to reveal weak points are checked and processed by the IT security officer. The Trusted Shops AG systems are periodically checked for weak points by an external service provider.