econda takes data protection seriously! econda solutions meet all requirements of Germany's strict data-protection laws—and this has been confirmed by TÜV Saarland.
In fact, econda is the first provider to earn the "Certified Data Protection" seal issued by TÜV Saarland for the field of webshop controlling.
CERTIFIED DATA PROTECTION
THE MEANING OF INDIVIDUAL ASPECTS CERTIFIED BY TÜV:
- Data-protection compliance TÜV-certified: data protection as per requirements of Germany's Online-Services Act, Germany's Federal Data-Protection Act, and recommendations issued by the German Commissioner for Data Protection.
- Great data security: TÜV-certified data security at econda's computing centers.
- Servers located in Germany: All data are under German jurisdiction.
- IP anonymization: All IP addresses are rendered indecipherable to safeguard the anonymity of visitors.
- Opt-out function: econda provides a convenient opt-out function for your website's visitors and for visitors to customer websites.
ABOVE AND BEYOND REQUIREMENTS OF DÜSSELDORF COMMITTEE
On November 26, 2009 the "Düsseldorf Committee"—an informal association of supervisory authorities for data protection in the private sphere—adopted a resolution which received a lot of attention: "Creation in compliance with data-protection laws of analytical methods for measuring the reach of online offers". econda customers are happy with the stipulated requirements; after all, they have been met for quite some time by econda solutions.
Specific requirements of the "Düsseldorf Committee" and corresponding econda measures:
| Requirements of the Düsseldorf Committee | Implemented by econda |
|---|---|
| "Affected parties must have an opportunity to opt out of the creation of usage profiles. Such objections must be implemented effectively." | econda opt-out option |
| "Pseudonymized usage data must not be stored together with data about the pseudonymous user. Usage data must be deleted as soon as the user requests this be done or the storage of said data is no longer necessary for creating the usage analysis." | Thanks to immediate anonymization, it is not even technologically possible to subsequently consolidate the sets of data. |
| "In the framework of data-protection policies on their websites, providers must explicitly refer to the creation of pseudonymous usage profiles and the possibility of opting out." | econda has already prepared a certified statement for its Monitor customers. Simply include it in your website! |
| "Without a user’s consent, his/her personal data may be collected and used only to the extent necessary for providing access to online services and billing the customer. Any use of data beyond the aforementioned requires the consent of the user in question." | econda does not track any data which can be traced back to a specific user. Thanks to the immediate anonymization of IP addresses, no personal data is collected during contractually compliant use. |
| "The analysis of usage patterns by means of complete IP addresses (including geolocation) is, on account of such data’s traceability to a certain individual, permissible only if said individual has knowingly and explicitly consented to this. If s/he has not consented, then the IP address must be abbreviated prior to any evaluation to eliminate the possibility of identifying said person." | econda solutions ensure immediate anonymization. The Geo-IP function itself is based on abbreviated IP addresses, rendering it impossible to identify a user. |
RECOMMENDATIONS OF ARTICLE 29 WORKING PARTY REALIZED
econda complies with the recommendation (from June 12, 2012) issued by the Article 29 Working Party on the Protection of Individuals with regard to the Processing of Personal Data. It is an independent European Commission advisory body for data protection and privacy. Set up under Article 29 of the Data Protection Directive 95/46/EC from October 24, 1995, this body issues recommendations on the proper interpretation of data-protection regulations—such as the "cookie rule"—and their implementation at the national level. For more information, please access Wikipedia.
COLLECTION OF DATA BY THE ECONDA MONITOR FAMILY
Germany's Federal Data-Protection Act stipulates that personal data comprises any information concerning the personal or material circumstances of an identified or identifiable individual. Such data includes not only names, addresses, telephone numbers, and e-mail addresses, but also any IP address which makes it possible to identify a certain individual.
Because econda abbreviates IP addresses to anonymize data during collection, use in compliance with regulations means it is not possible for econda to identify a certain user. Anonymized data remains on econda servers and can be accessed there only by authorized customers. This aggregated data allows econda customers to analyze visitor flows and click paths, for instance, without the possibility of an individual user being identified.
We use personal data that is generated in the course of cultivating or maintaining a business relationship only in the scope of said relationship; under no circumstances do we use it otherwise and most certainly do not sell it.
ECONDA DATA REMAINS ON SERVERS IN GERMANY
All data collected stays at our computing center in Frankfurt. As certified in an independent report issued by TÜV Saarland (a German inspection authority), econda’s server centers meet the most stringent requirements regarding security and data protection. Because econda places the highest emphasis on ensuring the uninterrupted security of all data, there are no plans to relocate technological hosting infrastructure outside of Germany.
DATA PROTECTION AT ECONDA: TECHNOLOGICAL AND ORGANIZATIONAL MEASURES
All econda employees are instructed on their obligations regarding data protection, data minimization, and confidentiality. Moreover, they regularly receive in-house and external training. econda’s data-protection officer determines the relevance of new technological and legal developments, and recommends appropriate measures at once, if necessary, to ensure that econda customers continue to be on solid legal ground. Frequent data-protection audits verify econda’s infrastructural and organizational conformity with applicable laws and the state of data-protection technology.
INFORM YOUR USERS!
Explain to your website’s visitors the use of econda's data-protection-compliant solution and offer them a chance to simply and permanently opt out of the econda Tracking function. Add the following passage to your data-protection policy:
“To ensure the tailored design and optimum performance of this website, solutions and technologies by econda GmbH (www.econda.de) not only collect and store anonymized data, but also utilize this data to compile usage profiles by means of pseudonyms. Cookies can be used for this purpose which make it possible for an Internet browser to be recognized. Without the express consent of a visitor, however, usage profiles will not be stored together with data pertaining to the pseudonymous visitor. IP addresses, in particular, are rendered indecipherable immediately after receipt, which makes it impossible to match a usage profile with an IP address. Visitors to this website can opt out here—at any time—of the collecting and storing of their data.”
(Note: As regards opting out, please refer to the following link: http://www.econda.com/econda/company/data-protection/revocation-of-data-storage/)
QUESTIONS ABOUT DATA PROTECTION AT ECONDA?
If you would like to learn more about how all econda solutions satisfy the strict regulations of Germany’s data-protection laws, please download our latest statement on data protection: Information on data protection (German PDF).
For information important to online-shop and website operators regarding the use of web analytics and data protection, please consult the econda Whitepaper on data protection and web analytics (German PDF).
If you have any questions, please do not hesitate to contact us via firstname.lastname@example.org or by phone at +49 (0)721 6630350.
We can gladly call you.
PERTINENT STANDARDS, LAWS, AND LINKS CONCERNING DATA PROTECTION
- German Federal Data-Protection Act (in German: BDSG) – BDSG
- German Online-Services Act (in German: TMG) - TMG
- Resolutions of the Düsseldorf Committee (supervisory data-protection authorities for the private sphere)
- Department of the Interior in Baden-Württemberg, Germany: Information Sheet on Web Analytics (German PDF)