Hintbox IT-Security & Data Protection
Our whistleblower system meets the IT security and data protection requirements that apply to it. In particular, our ISMS and the secure Hintbox together cover the technical, organisational and regulatory requirements of the General Data Protection Regulation (GDPR) and the EU Whistleblower Directive (2019/1937).
OUR SECURITY PROMISE
Implementation of an Information Security Management System (ISMS)
The protection of your data and information is one of our highest priorities. We have therefore implemented an ISMS in accordance with the requirements of ISO 27001 to protect your data comprehensively. The scope of our ISMS is defined as follows:
“In-house development, provision and operation of software solutions as a service for use by end customers.”
Through end-to-end encryption, all personal data and company information, such as trade secrets, is encrypted in our whistleblower system at every transmission stage. Only authorised persons can decrypt and view this data and information. Encryption takes place exclusively on the whistleblower's or compliance manager's side, never on the server. Data therefore arrives on our servers already encrypted, so that neither we, lawcode GmbH, nor any other third party can read the information at any time.
Regular auditing of the Hintbox by external auditors
The Hintbox is regularly audited by external companies, with positive results. An IT security company carries out penetration tests to check the IT security of the Hintbox. This provides independent verification that the Hintbox and your data are secure.
Ensuring the integrity of the data through audit-proof records
By using state-of-the-art encryption technologies and audit-proof (tamper-evident) recording of data entries and every change made to them, we also ensure data integrity in the Hintbox.
Ensuring the availability of your data and information
Our Hintbox offers you an availability of 99.9% per year, i.e. no more than about 8.8 hours of downtime in a year. This ensures the availability of your data and information.
Ensuring the anonymity of the whistleblower
In the case of an anonymous report, the Hintbox technically ensures the whistleblower's anonymity. No IP or MAC addresses, location data or other information that would allow conclusions to be drawn about a data subject are stored. The login credentials that an anonymous whistleblower uses for anonymous communication with the compliance officer or responsible person are likewise generated randomly and automatically.
In addition, all metadata is removed from the file attachments that a whistleblower adds to his or her report. This ensures that the attachments do not leak personal data, such as author names, device identifiers or GPS coordinates, through embedded metadata.
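As an added illustration of what "removing metadata from attachments" means at the byte level, the following Python code is an example written for this page; it is not Hintbox's or lawcode's own code, and the sample file it operates on is constructed inline (a structurally valid JPEG segment layout, not a viewable picture). It assumes JPEG input only: it drops the APPn segments that carry Exif, XMP and similar metadata, drops COM comment segments, keeps the JFIF APP0 header that decoders expect, and copies the image data unchanged. A second function lists which metadata segments are still present, which is the check a reviewer would run on an attachment after stripping.

```python
"""Strip and verify metadata segments in a JPEG attachment (pure Python)."""
import struct

# JPEG marker codes (the byte following 0xFF)
SOI, EOI, SOS = 0xD8, 0xD9, 0xDA       # start of image, end of image, start of scan
APP0, APP15, COM = 0xE0, 0xEF, 0xFE    # APP0..APP15 (JFIF, Exif, XMP, ICC, ...), comment


def iter_segments(data: bytes):
    """Yield (marker, offset, segment_bytes) for each header segment up to and
    including SOS (or EOI if there is no scan). Entropy-coded scan data after SOS
    is not segmented and is handled by the caller."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos < len(data):
        # skip optional 0xFF fill bytes between segments
        while pos + 1 < len(data) and data[pos] == 0xFF and data[pos + 1] == 0xFF:
            pos += 1
        if pos + 1 >= len(data) or data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == EOI:
            yield marker, pos, data[pos:pos + 2]
            return
        seg_len = struct.unpack(">H", data[pos + 2:pos + 4])[0]  # includes the 2 length bytes
        end = pos + 2 + seg_len
        if end > len(data):
            raise ValueError(f"truncated segment at offset {pos}")
        yield marker, pos, data[pos:end]
        pos = end
        if marker == SOS:
            return


def _is_jfif_header(marker: int, seg: bytes) -> bool:
    return marker == APP0 and seg[4:9] == b"JFIF\x00"


def strip_jpeg_metadata(data: bytes) -> bytes:
    """Return a copy of the JPEG with all APPn (except the JFIF header) and COM
    segments removed. Quantisation/Huffman tables, frame header and scan data
    are copied verbatim, so the picture itself is unchanged."""
    out = bytearray(b"\xff\xd8")
    tail_start = 2
    for marker, pos, seg in iter_segments(data):
        tail_start = pos + len(seg)
        if marker == COM or (APP0 <= marker <= APP15 and not _is_jfif_header(marker, seg)):
            continue  # metadata-bearing segment: drop it
        out += seg
    out += data[tail_start:]  # scan data and EOI, unchanged
    return bytes(out)


def metadata_segments(data: bytes) -> list:
    """Names of metadata-bearing segments still present. Only 'APP0/JFIF' should remain
    after stripping; anything else means the attachment still carries metadata."""
    found = []
    for marker, _, seg in iter_segments(data):
        if marker == COM:
            found.append("COM")
        elif APP0 <= marker <= APP15:
            payload = seg[4:]
            if payload.startswith(b"JFIF\x00"):
                kind = "JFIF"
            elif payload.startswith(b"Exif\x00"):
                kind = "Exif"
            elif payload.startswith(b"http://ns.adobe.com/xap/1.0/"):
                kind = "XMP"
            elif payload.startswith(b"ICC_PROFILE"):
                kind = "ICC"
            else:
                kind = "unknown"
            found.append(f"APP{marker - APP0}/{kind}")
    return found


def _segment(marker: int, payload: bytes) -> bytes:
    """Build one marker segment: FF <marker> <big-endian length incl. itself> <payload>."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample attachment (valid segment layout, not a decodable picture).
# The Exif and COM contents are invented stand-ins for the kind of data a camera
# or editor writes: device make, GPS position, author e-mail.
SAMPLE_JPEG = (
    b"\xff\xd8"
    + _segment(APP0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _segment(0xE1, b"Exif\x00\x00Make=CameraCo;GPS=52.52N,13.40E")   # fake Exif
    + _segment(0xE1, b"http://ns.adobe.com/xap/1.0/\x00<x:xmpmeta/>")   # XMP
    + _segment(COM, b"author: jane.doe@example.com")                    # comment
    + _segment(0xDB, b"\x00" + bytes(64))                               # DQT
    + _segment(0xC0, b"\x08\x00\x01\x00\x01\x01\x01\x11\x00")           # SOF0, 1x1 grey
    + _segment(0xC4, b"\x00" + bytes(16) + b"\x00")                     # DHT
    + _segment(SOS, b"\x01\x01\x00\x00\x3f\x00")                        # SOS header
    + b"\x12\x34"                                                       # stand-in scan data
    + b"\xff\xd9"
)

if __name__ == "__main__":
    print("before:", metadata_segments(SAMPLE_JPEG))
    cleaned = strip_jpeg_metadata(SAMPLE_JPEG)
    print("after: ", metadata_segments(cleaned))
```

Two caveats a practitioner should keep in mind: this handles only the JPEG container, and PDFs, Office documents and PNGs each need their own metadata handling; and removing metadata says nothing about the picture content itself (a photographed letter still shows a name), so metadata stripping reduces, but does not by itself eliminate, personal data in an attachment.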
GDPR-compliant data processing
Our Hintbox complies with the rules for processing personal data and therefore with the General Data Protection Regulation and the German Federal Data Protection Act. We process personal data exclusively on your behalf and according to your documented instructions, acting as a processor in the sense of the GDPR. For this purpose, we conclude a data processing agreement with you. This agreement sets out the high standard of technical and organisational measures (TOM) that we guarantee with our whistleblower system.
Data hosting at an ISO/IEC 27001 certified data centre in Germany
All data of our whistleblower system is hosted in Germany in an ISO/IEC 27001 certified data centre. No data is hosted in, or transferred to, countries outside the EU.
Implementation of deletion specifications
All personal data in the Hintbox can be deleted in accordance with the requirements of the General Data Protection Regulation and the EU Whistleblower Directive. This allows you to implement deletion requests, as well as your deletion concepts, in a legally compliant manner.
Implementation of an authorisation concept
Our Hintbox enables you to implement an authorisation concept: only individually authorised persons are given access to the reports in the whistleblower system. In this way, you fulfil the requirements of data protection and ensure the necessary confidentiality.
Ensuring the confidentiality of the data
We offer secure two-factor authentication to every Hintbox user. Each customer receives their own separate Hintbox instance, ensuring strict separation of each customer's data and its processing.
Help and support
Of course, our customer support will assist you with all IT security and data protection concerns. We support you in handling the data protection rights of data subjects, in carrying out a data protection impact assessment, and much more.