Hintbox IT-Security & Data Protection

Our whistleblower system meets all IT security and data protection requirements. In particular, through our ISMS and secure Hintbox, all technical, organisational and regulatory requirements of the General Data Protection Regulation and the EU Whistleblower Directive (2019/1937) are met.

Our IT-Security & Data Protection Seal

GDPR
German Server
SSL Encryption
End to End Encryption

Last successful penetration test on 25.08.2021

Each Hintbox is a self-contained system. With isolated data storage and end-to-end encryption, your data is secure in its own database.

OUR PROMISE OF SAFETY

Implementation of an Information Security Management System (ISMS)

The protection of your data and information is one of our highest concerns. Therefore, we have implemented an ISMS in accordance with the requirements of ISO 27001 to comprehensively ensure the protection of your data. The scope of our ISMS is defined as follows:

“In-house development, provision and operation of software solutions as a service for use by end customers.”

End-to-end encryption

Through our end-to-end encryption, all personal data and company information, such as trade secrets, are encrypted in our whistleblower system at every stage of transmission. Only authorised persons can decrypt and view this data and information. Encryption takes place exclusively on the whistleblower’s or compliance manager’s side. The data therefore arrives on our servers already encrypted, so that neither we, lawcode GmbH, nor third parties can read the information at any time.

Regular auditing of the Hintbox by external auditors

The Hintbox is regularly audited by external companies, with positive results. An IT security company carries out penetration tests to check the IT security of the Hintbox. This ensures that the Hintbox and your data are secure.

Ensuring the integrity of the data through revision security

By using the highest and most modern encryption technologies and audit-proof indexing of data entries and their changes, we also ensure data integrity in the Hintbox.

Ensuring the availability of your data and information

Our Hintbox offers you an availability of 99.9% per year. This ensures the availability of your data and information.

Ensuring anonymity

The Hintbox technically ensures the anonymity of a whistleblower in the case of an anonymous report. No IP or MAC addresses, location data or other information that allows conclusions to be drawn about a data subject are stored. The login data that an anonymous whistleblower uses for anonymous communication with the compliance officer or responsible person are also generated randomly and automatically.

In addition, all metadata from file attachments that the whistleblower attaches to his or her report is deleted. This ensures that the files do not contain any personal data.

GDPR-compliant data processing

Our Hintbox follows the rules for processing personal data and therefore complies with the General Data Protection Regulation and the Federal Data Protection Act. We process the personal data exclusively according to documented instructions and on your behalf as an order processor. For this purpose, we conclude an agreement on commissioned processing with you. This agreement contains the high standards of technical and organisational measures (TOM) that we guarantee with our whistleblower system.

Data hosting at an ISO/IEC 27001 certified data centre in Germany

All data of our whistleblower system is hosted in Germany in an ISO/IEC 27001 certified data centre. There is no data hosting and no data transfer to countries outside the EU.

Implementation of deletion specifications

All personal data in the Hintbox can be deleted in accordance with the requirements of the General Data Protection Regulation and the EU Whistleblower Directive. This enables you to actually implement deletion requests and also deletion concepts in a legally compliant manner.

Implementation of an authorisation concept

Our Hintbox enables the implementation of an authorisation concept. Only individual authorised persons are given access to the reports in the whistleblower system. In this way, you fulfil the requirements of data protection and ensure the necessary confidentiality.

Ensuring the confidentiality of the data

We offer secure 2-factor authentication to every Hintbox user. Each customer receives their own separate Hintbox instance, ensuring stringent separation and processing of data.

Help and support

Of course, our customer support will assist you with all IT-Security and data protection concerns. We support you in the processing of data protection rights of data subjects. We also support you in carrying out a data protection impact assessment and much more.
