IT Security and Data Protection Policy
As information and communication systems are vulnerable on account of the high degree of complexity, the danger of considerable economic damage is given. Personal information is to be protected at best and constantly by an active data protection and IT security management against the danger of loss of confidentiality, availability and integrity, considering legal and contractual regulations. On account of the business content, ElringKlinger AG must guarantee in particular the protection of the right of selfdetermination of the individual, the secrecy of telecommunications, the protection of traffic data as well as the customer protection by suitable measures. To accomplish the required tasks, it is indispensable that personal data of customers, suppliers and employees, are stored, processed and even transferred in certain cases.
- All employees of the ElringKlinger AG are responsible for the observance of measures relevant for security and data protection and are to be sensitized accordingly. The employees and all persons acting on behalf of the ElringKlinger AG are obliged to observe laws as well as to protect trade secrets. The Board of Directors of the ElringKlinger AG is responsible for compliance with legal requirements for data protection and information security.
- The principle of proportionality provides the basis for data processing, which means that only data are stored and processed that are actually required by the ElringKlinger AG. The ElringKlinger AG is committed to take measures to ensure the respect for and protection of personal data.
- Data protection shall ensure confidentiality, availability and integrity of data in nets, systems and data storage devices. Data processing is protected during all phases, data backup has to be performed regularly. Equally, it must be ensured that disposal is effected in compliance with data privacy laws. For this purpose, the ElringKlinger AG takes appropriate technical and organizational measures.
- If they are subject to contract data processing, contractual partners have to follow the instructions of ElringKlinger AG.
- The restriction of access to information is to be protected by authorization profiles. Any access is to be recorded for reasons of traceability. Information and components are to be protected against act of nature beyond control (natural disasters), fire, water and drug-related crime. Information security risks are to be assessed regularly.
- Publicly available information as well as information that has been made available within the scope of chat rooms, message boards offered on ElringKlinger websites, is collected. ElringKlinger assumes no responsibility and liability for the use of disclosed personal data by a third party.