Please send an email directly to our data security officer at firstname.lastname@example.org.
It is your data and our promise to manage it safely. We do our utmost to incorporate security in every aspect of our processes and products. Below are some of the key features:
Secure physical and digital authentication reduces the risk of improper access. With Role-Based Access Control (RBAC) and Discretionary Access Control (DAC) we ensure that only authorized employees have access to your data.
With state-of-the-art encryption, we protect our customer data both at rest and in transit. All communications between ecos products and the data center, as well as between the data center and end users, are secured using elliptic-curve (ECC) asymmetric encryption with 233-bit keys (HTTPS/TLS 1.2 encrypted).
In the rare instance of a data breach at ecos, we verify whether all of our customers’ data is safe or whether it has been affected in a way that endangers the rights and freedoms of their staff. If this happens, we immediately notify the customers concerned so that they can carry out their legal obligation to notify their staff and the regulatory authority.
A strict backup concept is followed to ensure the highest level of security. We conduct incremental and weekly backups of all stored customer data. If they so choose, our customers can download the stored data through our ecos webman. The backup file is sent out encrypted and can be kept by our customers in parallel. In this way our customers have full control over their data retention.
In the unlikely case of a total failure of our systems, our redundant data center guarantees that your data is not lost. As per our disaster recovery concept, the fastest possible recovery is delivered.
We run audits of our procedures and products at regular intervals, generally once a year, in sync with the legal data protection requirements. The results of these audits are then used to take specific action to further enhance our documentation, processes and software features.
We also perform vulnerability and penetration tests at regular intervals. These are performed either by IT specialists such as DITIS Systems or by customers such as military organisations, supermarket chains or railway companies.
Data protection isn’t negotiable. It is the right of every individual, and at ecos we make sure to keep it that way. We ensure that our customers’ data is handled in accordance with the GDPR and that they have transparency about where their data is, at all times.
You are and remain the sole owner and controller of your data within the meaning of Article 24 EU GDPR. We remain only the (order) processor, who processes your data on your instructions and according to the data processing agreement.
You can access, modify or ask us to delete your data at any time, as and when required.
ecos systems uses an ISO 27001 and CSA STAR certified data center within the European Union. It is operated by Microsoft, complies with Tier 4 and guarantees an uptime of 99.9995%.
Neither data center staff nor Microsoft employees have, or will ever have, access to your data. At ecos systems too, only the IT infrastructure team and our product team have data access, on a need-to-know basis, and only when processing service inquiries. Since our employees are trained in the guidelines laid out by the General Data Protection Regulation (GDPR), they are aware of the data secrecy requirements and the consequences of any breach. Similarly, all of our subcontractors who may have access to your data are bound by contractual privacy commitments.
If a customer terminates the business relationship, their data is immediately deleted from our data center. This also includes cached and backup copies.
Data protection is an integral part of our product strategy. When developing our products we therefore respect the stipulations of Art. 25 EU GDPR on data protection by design and by default.
We generally assume that we are compliant with the essential requirements of the EU GDPR today, as we have reviewed the default settings of the entire application and adapted them to provide the highest possible level of data protection while still ensuring user-friendliness. Furthermore, the settings can generally all be adapted to the customer’s individual needs.
We support our customers in following Chapter 3 of the EU GDPR, ensuring the rights of data subjects to access, obtain erasure of and request portability of their personal data.
Furthermore, the ecos webman provides the option to pseudonymize personal data automatically after 30, 60 or 90 days, or manually at any point in time.
ISO 27001 is the internationally recognized standard for managing risks associated with information security; it describes the requirements for implementing and optimizing an information security management system.
ISO 9001 is the global standard that confirms a company’s or organization’s commitment to enhancing quality, delivering efficient operations and improving customer satisfaction.
This certificate is the globally recognized and applied standard for environmental management systems. It demonstrates the organization’s environmental commitments.
The GDPR is the most stringent data security and privacy law in the world. Though drafted and passed by the EU, it imposes obligations on every company or organization to protect data and follow its guidelines when dealing with people in the EU.