Data protection and data security at Druckerei Kyburz AG
The Kyburz AG print shop takes its responsibility in the area of data protection and data security very seriously. It does everything in its power to protect and process the personal data it receives in accordance with the current state of the art. This document is intended to provide a general overview of the security concept implemented.
General provisions on handling personal data
Third-party data: If the data records to be supplied are not those of the company's own customers and/or interested parties who are to be advertised for the company's own services, but (also) third-party data records from third parties, the client must observe the following: Legally, it is necessary that all list owners agree in writing to the data processing commissioned here.
Delivery of personal data: Each data delivery must be accompanied by meaningful delivery bills (sender, recipient, file name, address quantity, indication of user and action as well as record structure, processing instructions) in writing.
Data transmission: If a non-secure transmission is used, the Printer declines any liability in case of data leakage. Transmissions considered to be insecure are described in the appendix (Data transmission).
Data content: Druckerei Kyburz AG accepts no liability for the content of the data supplied; neither for its correctness nor for compliance with the data protection laws of the respective countries.
Data transfer: Personal order data may not be passed on to third parties by the print shop without the written consent of the customer.
Right of inspection: the client has the right to inspect compliance with our data protection guidelines, with regard to confidential order data, subject to a reasonable advance notice period.
Robinson list: We would like to point out that you, as a customer, have the option of comparing your data with the DDV Robinson list.
Note for data deliveries from EU countries: The address generator must inform the data subjects about the data processing and about the right to object to advertising at the time of collection of this data and in the event of a later decision about the advertising purpose, in time before this further processing.
Data security at Druckerei Kyburz AG General protection: The virus protection and firewall of Druckerei Kyburz AG are constantly up to date with the latest technology.
Premises: The programming premises are secured via an electronic time lock. The virtualization concept of Druckerei Kyburz AG ensures that all data is kept centrally. Our server room is secured via an electronic lock. Windows to the room are secured with grids. All access is logged electronically.
Data transmission: When an order is placed, online access to daten.kyburzdruck.ch (https, ftps) is automatically created for the transmission of order data to Druckerei Kyburz AG. This access is valid until the order is completed. The access data can be requested from the respective order processor.
Incoming: All data transmitted to this server is encrypted and moved to the internal server (order-related) no later than 5 minutes after receipt. This ensures the order-related use of the data. This type of data transfer is to be preferred and is mandatory for particularly sensitive and personal data.
Outgoing: If data is made available for output by the print shop, a folder with the designation 'output' appears in the respective access. This folder contains data provided to the customer. This folder and its contents are deleted daily at 02:00 (and at least 24h old).
Data processing: Each job has its own virtual Windows Server 2016 computer. This guarantees the encapsulation of the order data. These computers do not have access to the Internet and cannot receive or send e-mails. Data can only be transferred to the order via a single interface. The release of confidential order data is strictly prohibited. These order computers have regulated password provisions. Only a certain number of terminals/users can access these virtual computers. These terminals have regulated password provisions. These terminals do not have access to the Internet and cannot receive or send e-mails. Each logon (user) to a terminal is logged. Every connection (terminal) to an order computer is logged; this connection is completely encrypted. No confidential job data is transported unencrypted over the company network.
Data output: Data is made available to the processing plants in machine-readable form on a protected server. Access to the data is protected and logged. This data is automatically deleted at the end of production.
Data destruction: After order completion (2 days after production):
- the confidential order data is moved to a secure archive for 3 months. This data can be recovered by 2 people. After exactly 90 days, this data is then automatically deleted;
- the non-confidential order data is archived;
- the order computer is deleted - no data remains.
Any waste, misproduction, etc. is shredded by us in a certified manner according to banking standards.
Procedures for .review, assessment and evaluation of data protection and data security provisions. The provisions are revised, evaluated and reviewed in the following cases:
1. annual audit to .verify compliance with the privacy and data security provisions.
2. risk analysis with optimization strategy will be performed in the following situation:
a. Adjustments in the IT infrastructure or IT organization.
b. Adjustments to the building infrastructure (floor plan, doors, locking systems)
c. Changes in legislation
d. Significant technological changes
For questions or in case of uncertainties regarding data protection/data security, please contact your order processor.
Druckerei Kyburz AG, October 1, 2020