European Privacy Seal for Business Keeper Monitoring System


Product/Version:

BKMS® System (Business Keeper Monitoring System)
Version 2.3.7
Function as provided in May 2013

Qualification: IT-based service

View the BKMS v2.3.7 certificate

Cert. No.: DE-130031
Validity: 07/06/2013 – 30/06/2015
Monitoring: 02/2014, 10/2014
Public report: BKMS Short Public Report [PDF]

Manufacturer/Provider:
Business Keeper AG
Bayreuther Straße 35
10789 Berlin
Germany

BEST: The Business Keeper AG makes customers aware of relevant data protection requirements by means of an informative and comprehensible privacy leaflet.

The BKMS® System offers a “privacy functionality”: an examiner may specify personal data, such as names or unique identifiers, that are part of a report. Applying the privacy functionality blacks out the specified data (making them unreadable). Only an examiner with the right to undo the privacy functionality is able to retrieve the original report.

The privacy functionality is a tool to facilitate the “need to know” principle and thus supports the principle of data avoidance and minimisation.

ATTENTION: The BKMS® System supports both reporting by name and anonymous / pseudonymous reporting. Customers are advised in a privacy leaflet to prefer reporting by name over anonymous / pseudonymous reporting to reduce the risk of misuse of the system.

Customers of Business Keeper AG may ask for a specific customisation in respect of anonymous / pseudonymous reporting or reporting by name. They are advised in the privacy leaflet to consult with the competent data protection authority if they want to deviate from the advice mentioned in the previous paragraph.

Summary: The BKMS® System is a whistleblowing system, technically designed as a web-based service (software as a service – SaaS). Customers of Business Keeper AG may provide a link to the system on their websites. Whistleblowers (e.g., employees of customers) may use the BKMS® System in order to report grievances (e.g., criminal activities such as fraud or embezzlement). The BKMS® System facilitates a dialogue between whistleblowers and examiners (e.g., compliance officers or corruption agents). Whistleblowers are enabled to set up a post box in order to exchange messages with examiners.

Details: Whistleblowers can submit a report via a web form. They may reveal their identity or act anonymously or pseudonymously. Furthermore, they are given the possibility to set up a post box and to conduct a dialogue with examiners (e.g., provide them with further relevant information on the particular grievance).

The reports that are stored in the BKMS® System database are encrypted using asymmetric encryption. The same holds true for the content of the communications between whistleblowers and examiners (in the post box scenario).

Examiners can access the BKMS® System via an https interface at https://www.business-keeper.com/for-clients.html.

Customers of Business Keeper AG qualify as controller of the processing of personal data that results from the use of the BKMS® System. The Business Keeper AG qualifies as processor on behalf of its customers. It is noteworthy that Business Keeper AG cannot access clear text, but only encrypted data.

The Target of Evaluation (ToE) is the Business Keeper Monitoring System (BKMS® System) v.2.3.7, functionality as provided in May 2013. The ToE is available in three different configurations:

  • BKMS-Z: Collection, first verification and coordination of incoming reports by a central department;
  • BKMS-D: Reports are forwarded to the competent examiners by the system automatically;
  • BKMS-O: External experts (e.g., ombudsmen) deal with the collection and first verification of reports.

The ToE comprises a production system with a load balancer, two application servers and a database server as well as a development and test system.

Technical Evaluator:
Ralf von Rahden
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen
Germany
rrahden@datenschutz-cert.de

Legal Evaluator:
Dr. Irene Karper
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen
Germany
ikarper@datenschutz-cert.de

Formerly Certified Versions: n.a.

 

Disclaimer:

This register is kept with the utmost care. However, EuroPriSe does NOT guarantee the accuracy of information found on the Site. Your reliance on information found on the Site is at your own risk. For more information please go to EuroPriSe Terms & Conditions.
