Please send an email directly to our data security officer at email@example.com.
It is your data and our promise to manage it safely. We do our utmost to incorporate security in every aspect of our processes and products. Below are some of the key features:
Advanced user access management
Secure physical & digital authentication reduces the risk of improper access. With Role Base Access Control (RBAC) and Discretionary Access Control (DAC) we ensure only authorized employees have access to your data.
Data Encrypted at Rest and in Transit
With state-of-the-art encryption, we protect our customer data both at rest and in transit. All the communications between ecos products and the data center as well as between the data center and end users are secured using elliptical asymmetric encryption ECC with 233 bits.
Data at Rest
Data in Transit
(HTTPS/ TLS 1.2 encrypted)
In the rare instance of a data breach at ecos, we make sure to verify if all our customer’s data is safe or if it has been affected and endangers the rights and freedoms of their staff. In case this happens we immediately notify the customers concerned so that they can carry out their legal obligation to notify their staff and regulatory authority.
Recoverability and regular backups
A strict backup concept is followed to ensure the highest security. We conduct an incremental and weekly backup of all our customer’s data stored. If desired, our customers can retrieve this stored data via our ecos webman and subsequently delete it if necessary. The backup file is sent encrypted and can be stored by our customers. To restore and decrypt the data, it is mandatory to use our ecos webman software. The secret key required for decryption is stored securely within our application. In this way, our customers have full control over their data retention.
In the unlikely case of the total failure of our systems, our redundant data center guarantees that your data is not lost. As per our disaster recovery concept, the fastest possible recovery is delivered.
Verification of our security claims
We run audits of our procedures and products at regular intervals, generally once a year, in sync with the legal data protection requirements. The results of these audits are then used to take specific action to further enhance our documentation, processes and software features.
We also perform vulnerability and penetration tests in regular intervals. Those are performed either by IT specialists such as DITIS Systems or by customers such as military organisations, supermarket chains or railway companies.
Data protection isn’t negotiable. It is the right of every individual and at ecos we make sure to keep it that way. We ensures that our customer’s data is handled following the GDPR and they have the transparency where their data is, at all times.
Ownership of your data
You are and remain the sole owner and controller of your data as per the meaning specified in article 24 EU GDPR. We remain only the order processor who processes your data at your instructions and according to the data processing agreement.
You can access, modify or ask us to delete your data anytime as and when required.
Security of our data centers & customer’s data
ecos systems uses an ISO 27001 & CSA STAR certified data center within the European Union. It is operated by Microsoft, complies with Tier 4, and guarantees an uptime of 99.9995%.
Employees of the data center nor of Microsoft can gain access to your personal data. Our technical and organizational measures make sure to keep it like that. At ecos systems too, only the IT infrastructure team and our product team will have need-to-know data access. This will be required when processing service inquiries. And since our employees are trained in the guidelines laid out by the General Data Protection Regulation (GDPR), they are aware of the data secrecy requirements and the consequences of any breach. Similarly, all our subcontractors who may have access to your data, are bound by contractual privacy commitments.
If any of our customers terminate the business relationship, their data is immediately deleted from our data center. This also includes cached or backup copies.
GDPR compliant data processing & standards
Data protection is an integral part of our product strategy therefore when developing them we respect the stipulations of Art. 25 EU GDPR of data protection by design and by default.
We generally assume that we are compliant with the essential requirements of the EU GDPR today as we have reviewed the default settings of the entire application and adapted them to provide the highest-possible level of data protection while still ensuring user friendliness. Furthermore, the settings are generally all adaptable to the customer’s individual needs.
Supporting our customers to respect rights of data subjects
We support our customers to follow chapter 3 of EU GDPR ensuring the rights of data subjects to have access, obtain the erasure, and request portability of personal details.
In addition, ecos webman offers the option of anonymizing personal data automatically after a user-defined time interval or manually at any time.
This is the internationally recognized standard for managing risks associated with information security and describes the requirements for implementing & optimizing such a system.
ISO 9001 is the global standard that confirms a company’s or organization’s commitment to enhancing quality, delivering efficient operations & improving customer satisfaction.
This certificate is the globally recognized and applied standard for environmental management systems. It demonstrates the organization’s environmental commitments.
GDPR is the stringent data security and privacy law in the world. Though drafted and passed by EU, it imposes obligations on every company or organization to protect and follow its guidelines when dealing with people in the EU.