The technical and organisational security measures described in this chapter are only relevant for you if you use our training platform (LMS licence) or our course portal (BASIC licence). If you have opted for the SCORM licence, please ask your IT or LMS provider about the security measures taken.
1. Pseudonymisation
Personal data is always pseudonymised, insofar as this is possible according to the intended use and does not require a disproportionate effort in relation to the intended protective purpose.
2. Encryption
The training platform can only be accessed over an HTTPS-encrypted connection. Administrative access to the server system is only possible from our company network.
3. Confidentiality
a) Physical Access
Our eLearning system is operated in a professional data center in Bremen, which has up-to-date access protection.
b) System Access
Administrative access is secured with complex 20-character passwords consisting of upper- and lower-case letters as well as numbers and special characters. User accounts are required to have 8-character passwords that must contain upper- and lower-case letters as well as numbers.
c) Data Access
Only our privacy train team has administrative access to the system.
With the LMS licence, participants can only view their own learning status in the system. Coordinators also have access to the learning status of the entire group. With the BASIC licence, however, the learning status is not logged.
d) Transfer
All connections to privacy train are HTTPS-encrypted.
e) Data Separation
With the LMS licence, every licence holder receives an independent and isolated client (“own area”) in our system. This ensures that the user data of our customers does not get mixed up.
4. Data Integrity (input control)
The input, modification, and deletion of user data is automatically logged by our system.
5. Availability
a) Availability
We make backup copies of the data at regular intervals. The servers are also located in an air-conditioned room and are equipped with an uninterruptible power supply and up-to-date virus protection.
b) Control of processors
privacy train is hosted by our subcontractor PLUTEX GmbH in a professional data center in Bremen (Germany), which is certified according to ISO 27001. We have signed a data processing agreement (DPA) with the service provider in accordance with Art. 28 GDPR.
6. Resilience of our systems
Resilient systems (hardware and software) are used that can withstand the expected stresses in terms of storage, access, and line capacities.
7. Review of measures
The technical and organisational measures are reviewed on an ongoing basis and, where necessary, updated to comply with the latest standards.