The following measures are taken and regularly evaluated both by INH GmbH (hereinafter referred to as INH) and by the data center operator telenetwork AG to protect confidential and personal data of the customer and its customers:
INH only uses server systems from data center operators that have valid certifications and thus implement all technical and organizational measures in accordance with the GDPR. telenetwork AG relies on extensive measures certified according to various standards to deny unauthorized persons access to processing systems. These include, among others:
Electronic access control upon entering the data center as well as into the respective security area.
Access control systems as well as the alarm systems are secured against power failure via UPS and backup power supply. ln the event of a malfunction, access to the data center can be made manually via a security locking system. This is only possible by telenetwork employees.
Access to the INH systems is only possible by the group of persons defined by INH (management) and by a restricted group of persons at telenetwork.
To a limited group of persons, exclusively to authorized persons (whitelist), identity check by means of official documents with photo (e.g. ID card) on handover, documentation of key handover.
Electronic: Access is secured by a physical (RFID chip) and a biometric (fingerprint) identification feature. Physical: INH server cabinets have their own digital lock.
Visitors are not allowed to be in the data center without being accompanied by authorized personnel or telenetwork employees.
Each use of an ID tag (RFID chip) or biometric requirement is electronically recorded and logged with time data.
Messages from the intrusion alarm system (intrusion, malfunction, etc.) are transmitted independently to telenetwork and the on-call service, which initiate appropriate measures.
The outer shell of the data center and access to security areas in the data center is monitored with video technology.
The premises of the data center are used only for the purpose of data processing, there is no public traffic.
telenetwork ensures that the persons authorized to use a data processing system can only access the data subject to their access authorization and that personal data cannot be read, copied, modified or removed without authorization during processing, use and after storage.
The data center is protected against short-term power failures by means of a UPS system.
Emergency power generators safeguard against longer power interruptions. Refueling during operation is possible if necessary. Emergency power generators are maintained according to manufacturer specifications.
Data center is divided into several separate fire compartments. Central gas extinguishing system and additional hand-held fire extinguishers for selective fire fighting.
Fire alarm system, which triggers the gas extinguishing system and triggers the alerting of the emergency and on-call service of the telenetwork AG on-call service.
The data center is equipped with redundant room air conditioning.
Customer cabinets or areas in the data center are physically secured separately by locked cabinets or barriers for the areas. Key concept, video surveillance, security service, etc. are available as described under "Access control".
telenetwork AG acts exclusively within the framework and scope of the order by INFINKON Health AG according to the specified instructions.
Control measures are defined in coordination between INFINKON and telenetwork and are technically and organizationally integrated into the operating procedures of telenetwork AG.
All telenetwork employees are bound to data protection / confidentiality, telecommunications secrecy and to secrecy.
A data protection officer has been appointed by telenetwork AG.
telenetwork employees are regularly instructed on data protection topics.