Initial Certification: 09/2015
As part of the ongoing pilot phase regarding the new EuroPriSe certification product “Website certification”, Business Keeper AG proved that the publicly available parts of the website www.business-keeper.com comply with EU data protection law. Visitors of www.business-keeper.com can be sure that processing of personal data that results from the interaction between their browsers and Business Keeper’s webserver is in line with the EU directives on data protection.
Function as provided in September 2015
View the www.business-keeper.com certificate
18/09/2015 – 30/09/2017
Inspection Catalogue v0.2
Within the pilot phase regarding the new EuroPriSe certification product “website certification”, only a shortened version of the applicable inspection catalogue is made publicly available. Based on the experiences of the pilot phase, an updated version of the inspection catalogue will be published at the beginning of regular operation of the new product “website certification”. This updated version will be pubished in full. View the shortened version of Inspection Catalogue v0.2.
Business Keeper AG
Bayreuther Straße 35
Website certification covers the publicly available parts of a website. It focuses on the interaction between a visitor of a website and the website when the visitor browses the publicly available parts of the website. By contrast, it does not cover data protection issues related to website content (e.g., published pictures, videos and personal data in textual format).
Access restricted parts of a website are out of scope, but may be certified as an IT-based service according to the respective EuroPriSe requirements. The same holds true for other website offerings that qualify as an IT-based service (e.g., web shops).
In the case at hand, it must be stressed that the web-based service BKMS® System (Business Keeper Monitoring System) which can be accessed via a customer login that is hyperlinked at www.business-keeper.com is out of scope of the EuroPriSe website certification. However, BKMS® System was already awarded the European Privacy Seal for IT products and IT-based services: Please find information on this certification here.
Target of Evaluation
The target of evaluation of the website pilot certification project www.business-keeper.com includes:
- All information (DE+EN as well as ES, PT, FR, IT, CS and SK) on the website that ensures transparency towards website visitors as far as data protection issues are concerned, namely
- the imprint,
- the information that is provided via the cookie banner;
- Issues related to the hosting of the webserver by a third party (namely: existence of a controller-processor agreement + a relevant ISO/IEC 27001:2005 certification);
- Processing of visitors’ IP addresses;
- Use of browser cookies;
- Communication security of personal data submitted by means of forms (proper encryption);
- Processing of personal data upon use of the contact form, subscription to Business Keeper’s Newsletter and subscription to the press mailing list;
- Functionality that allows visitors to recommend the website by means of a simple “mail to” functionality (* please cf. the explanation of this functionality below).
The ToE does not include:
- Customer login to BKMS® System: https://www.bkms-system.net/bkwebanon/report/clientInfo?cin=berma45231&language=eng.;
- Web interface that allows whistleblowers to submit a report.
* Explanation of the “mail to” functionality: Website visitors may click on an envelop icon at the left bottom of each webpage. As a result, the visitor’s e-mail client (if embedded) will open and create a new message with some basic recommendation text regarding the website. After entering the recipient’s email address and modifying the subject line and/or the recommendation text, the visitor may send the email to the recipient. Sender of the respective message ist the website visitor rather then the website owner (as opposed to some other recommendation means such as “tell a friend”).
The legal and technical evaluation by the EuroPriSe Experts confirmed that visitors of the publicly available parts of the website www.business-keeper.com can be sure that Business Keeper complies with all relevant requirements of the General Data Protection Directive (95/46/EC) and of the Directive on Privacy and Electronic Communications (2002/58/EC) as far as interaction between website visitors’ browsers and the webserver is concerned.
Ralf von Rahden
datenschutz cert GmbH
Dr. Irene Karper
datenschutz cert GmbH