European Privacy Seal for Business Keeper
European Privacy Seal for Business Keeper
Press Release
| Product/ Version |
BKMS® System (Business Keeper Monitoring System) Qualification: IT-based service |
|
|---|---|---|
| Cert. No. | DE-130031 | |
| Validity | 07/06/2013 – 30/06/2015 | |
| Monitoring | 02/2014 | 10/2014 |
| Public report | BKMS Short Public Report [PDF] |
|
| Manufacturer/ Provider |
Bayreuther Straße 35 10789 BerlinGermany |
|
| BEST | The Business Keeper AG makes customers aware of relevant data protection requirements by means of an informative and comprehensible privacy leaflet.
The BKMS® System offers a “privacy functionality”: An examiner may specify personal data such as names or unique identifiers that are part of a report. The application of the privacy functionality results in the blacking of the specified data (making them unreadable). Only an examiner with the right to undo the privacy functionality is able to retrieve the original report. The privacy functionality is a tool to facilitate the “need to know” principle and thus supports the principle of data avoidance and minimisation. |
|
| ATTENTION: | The BKMS® System supports both reporting by name and anonymous / pseudonymous reporting. Customers are advised in a privacy leaflet to prefer reporting by name over anonymous / pseudonymous reporting to reduce the risk of misuse of the system.
Customers of Business Keeper AG may ask for a specific customisation in respect of anonymous / pseudonymous reporting or reporting by name. They are advised in the privacy leaflet to consult with the competent data protection authority if they want to deviate from the advise mentioned in the previous paragraph. |
|
| Summary | The BKMS® System is a whistleblowing system, technically designed as a web based service (software as a service – SaaS). Customers of Business Keeper AG may provide a link to the system on their websites. Whistleblowers (e.g., employees of customers) may use the BKMS® System in order to report grievances (e.g., criminal activities such as fraud or embezzlement). The BKMS® System facilitates a dialogue between whistleblowers and examiners (e.g., compliance officers or corruption agents). Whistleblowers are enabled to set up a post box in order to exchange messages with examiners. | |
| Details | Whistleblowers can submit a report via a web form. They may reveal their identity or act anonymously or pseudonymously. Furthermore, they are given the possibility to set up a post box and to conduct a dialogue with examiners (e.g., provide them with further relevant information on the particular grievance).
The reports that are stored in the BKMS® System database are encrypted using asymmetric encryption. The same holds true for the content of the communications between whistleblowers and examiners (in the post box scenario). Examiners can access the BKMS® System via an https interface at https://www.business-keeper.com/for-clients.html. Customers of Business Keeper AG qualify as controller of the processing of personal data that results from the use of the BKMS® System. The Business Keeper AG qualifies as processor on behalf of its customers. It is noteworthy that Business Keeper AG cannot access clear text, but only encrypted data. Target of Evaulation (ToE) is the Business Keeper Monitoring System (BKMS® System) v.2.3.7, functionality as provided in May 2013. The ToE is available in three different configurations:
The ToE comprises a production system with a load balancer, two application servers and a database server as well as a development and test system. |
|
| Technical Evaluator
Legal Evaluator |
Ralf von Rahden datenschutz cert GmbH Konsul-Smidt-Str. 88a 28217 Bremen Germany rrahden@datenschutz-cert.deDr. Irene Karper datenschutz cert GmbH Konsul-Smidt-Str. 88a 28217 Bremen Germany ikarper@datenschutz-cert.de |
|
| Formerly Certified Versions | n.a. | |
Disclaimer:
This register is kept with the utmost care. However, EuroPriSe does NOT guarantee the accuracy of information found on the Site. Your reliance on information found on the Site is at your own risk. For more information please go to EuroPriSe Terms & Conditions