Data Protection

The matter of data protection and data security is of vital importance for PASS and therefore given top priority. Data protection for PASS goes over and above legal requirements, is an essential image factor as well as an important quality and competitive factors. The extent of protection covers the handling of personal data from individuals as well as other confidential or sensitive data. As a data processor PASS is bound to professional secrecy for data saved at PASS and the right to refuse to disclose, applies to the same extent as for PASS customers. All PASS employees already undergo rigorous routine checks at their recruitment. They are bound to data secrecy, telecommunications secrecy and to keeping business secrets – also those of external clients/business partners (e.g. banking confidentiality). The priority of data protection is reflected by the continual investment in extensive and effective data protection and security systems. The risk of an unauthorized access is therefore technically reduced to a minimum and is much less than at clients where in personnel terms there is a lack of interest on the subject. 

Data Protection Measures

At PASS a comprehensive data protection concept is in force that contains the necessary precautionary measures to ensure the security of the objects and the database as well as uninterrupted operation from constructional, personnel, organizational and also technical perspectives. The entire processing procedures of data processing orders from data submission to the dispatch of files is developed and monitored in finely tuned processes. The protection requirements are secured through the clear separation of functions in operation.

Data Protection Policy

Our highest priority is data protection, this applies for our internet as well as our conventional services. At PASS we have established protection measures for the complete handling of confidential or security sensitive data that comply to and when possible and justified, go further than the applicable legislation for the protection of personal data and data security. The protection of personal data throughout your project is of great importance to us and we would like you, as our customer to feel secure. For this reason we would like to inform you here about the data protection measures we implement for our Internet offers.

Collection and Processing of Personal Data

When you visit our public websites, our web server temporarily saves as standard the connection data of the inquiring computer for security purposes; the websites of ours that you visited, the date and time of the visit, the identification data of the browser used and the type of operating system as well as the website you visited us from. However additional personal data such as your name, address, telephone number or email address is not recorded, unless this data is given freely by you, for example by registration, in a survey or a request for information.

Handling of E-Mail Addresses

If you send us an email, we will only use your email address for correspondence with you.

Information Option

If we have saved data on you, you can apply to receive, without charge information on the data saved on you. Please let us know if we have saved incorrect data on you so that we can correct, disable or delete it.

Security

PASS applies technical and organizational security measures in order to protect the data we manage for you from manipulation, loss, damage and access from unauthorized persons. Your data will be saved in a safe operating environment with no public access. Our security precautions are continually improved in accord with technological development.

Audit certificate

Deloitte – certificate of compliance to ISO71EC 27001:2005 standards for the implementation and utilization of an information security management system in Application Service Providing and Business Process Outsourcing of the PASS Riester Engine Zulagenverwaltung (PASS REZ).  – pension administration. This also includes the dispatch of pension allowance notifications.

Cookies

When you visit one of our websites, it is possible that we put information on your computer in the form of “cookies” which automatically recognize your computer on your next visit. Cookies allow us for example, to adapt a website to your interests or save your password so that you don’t need to enter it again every time. If you do not want us to recognize your computer set your Internet browser so that cookies are deleted from your computer hard drive, all cookies are blocked or that you are advised before a cookie is saved. For demand driven design and optimization of this website anonymous data is collected and saved using the services and technologies of econda GmbH and from this data user profiles are compiled using pseudonyms. Cookies may be used for this purpose that makes recognition of an Internet browser possible, however, user profile will not be consolidated with data from the bearer of the pseudonym unless consent is expressly given by the visitor. In particular IP addresses will be made unrecognizable immediately after receipt so that correlation to user profiles and IP addresses is not possible. Visitors to this website can object to future data collection and storage at anytime.

Web Analysis Services by Google Inc.

This website uses Google Analytics and Google Webmaster Tools, the web analysis services of Google Inc (“Google”). These services use so called “cookies”. Cookies are text files stored on your computer that make it possible to analyze user behavior. The information generated by the cookie about your use of this website will, as a rule, be transferred to a Google server in the USA and stored there. In the case of activation of IP anonymization on this website, your IP address will first be shortened by Google within member states of the European Union or other contractual states with agreements on the European Economic area. In only exceptional cases are full IP addresses transferred to a Google server in the USA and shortened there. Google on behalf of this website’s operator will use this information to analyze your usage of this website in order to compile reports on the activities there and provide the website operator with further website and Internet usage related services. The IP addresses collected from your web browser during web analysis will not be consolidated by Google. You can prevent the saving of cookies through the appropriate settings in your web browser software. In addition you can prevent the generation and use of website related data by Google using cookies (incl. your IP address), by downloading and installing the free available browser plugin . We would like to point out that this website uses Google Analytics with the extension code “gat._anonymizeIp();“ to ensure the anonymous collection of IP addresses (so called IP masking).

Link Tracking in E-Mails

We carry out link tracking for statistical purposes. It is not possible to identify individual users.You can unsubscribe to our newsletter at anytime either by using the convenient link at the bottom of every transmission, or by email to pass.unternehmenskommunikation@pass-consulting.com or by post to PASS IT-Consulting Dipl.-Inf. G. Rienecker GmbH & Co KG, Schwalbenrainweg 24, 63741 Aschaffenburg.

Contact

If you have any questions concerning the handling of your personal data please contact our Data Protection Officer. He and his team are available information, comments, suggestions and complaints.  

Data Protection Officer for the PASS Consulting Group

Günter Steiof

Phone: +49 (0) 6021 - 3881 - 0

Fax: +49 (0) 6021 - 3881 - 400

datenschutz@pass-consulting.com

The PASS public procedures directory according to § 4e of the Federal Data Protection Act (BDSG) Information on the responsible organization (§ 4e sentence 1 Nr. 1-3 BDSG)

1. Name of the responsible organization

PASS IT-Consulting Dipl. Inf. G. Rienecker GmbH & Co. KG

2. Address of the responsible organization 

Schwalbenrainweg 24, 63741 Aschaffenburg

3. Managing Director Dipl.-Inf.

Gerhard Rienecker

4. Head of Data Processing

Artur Lepold

5. Purpose of data collection, processing or use

The business area Research includes 

  • Internal software and product development
  • Innovation screening
  • Knowledge development and management
  • Prototyping and constructive quality assurance for customer projects as well asStrategic decision-making support.

Result types are software and product development based on latest technologies, innovation reports, studies, strategic analysis and decision-making support for strategic questions. Project management is – in addition to software development and IT-Consulting – a PASS core competence. Our set of methods - pLine (Project Management Line), cLine (Construction Line) and qLine (Quality Assurance Line) as well as our technologies such as the Solution Factory and automated migration (Migration Factory) guarantee project success.

In the business area Software, we develop solutions and products for the following sectors

  • Finance
  • Travel
  • Logistics
  • Telco

We offer these solutions under the following usage models:

  • Sourcecode
  • License
  • Hosting
  • ASP
  • On Demand

You can also have your IT solutions operated by PASS on a scalable basis. We offer our service technology (OMS and AEP), application management and system management as onsite services or in complete outsourcing  In addition to mandates to collect, process and use data, personal data concerning customers, suppliers and personal management, is also collected, processed and used and also for other purposes as well (e.g. business partners and prospective customers).

6. Description of affected persons, data or data categories

The affected person groups result from the purpose (No. 5). It concerns the following data categories in which a general distinction between order data and internal data for PASS’ own purposes is necessary. 

Order data:

The entire order data processing is exempt from the obligation to provide information, as the client is solely responsible for this data.

Data for PASS’ own purposes:

  • Customer/debtor data: e.g. contact person, address, contract, payment and control data of customers and other debtors e.g. clients
  • Vendor/creditor data: e.g. contract, settlement and control data of suppliers and service providers (EDV service, licenses, consulting services, training institutes, maintenance, workmen, cleaning)
  • Personnel data: e.g. planning, contract and settlement data of applicants, employees, pensioners and other eligible persons.
  • Other personal data: data from other business partners (e.g. system partners, chambers, associations, banks and public authorities) data on potential customers, visitor administration, video surveillance etc.
7. Recipients or categories of recipients to whom data can be communicated 
  • Public bodies, in so far that legal provisions demand this.
  • Internal bodies, in so far that this data is necessary for the orderly execution of the task
  • Service providers (§ 11 BDSG), used for the orderly settlement of business transactions
  • External bodies for the orderly fulfillment of purposes mentioned under (Nr.5)
8. Standard Periods for Data Deletion

Data is deleted after the expiry of legal or contractual retention periods. Provided that data is not affected by this, it is deleted when purposes mentioned in (Nr.5). no longer apply. Unless the concerned has agreed to data storage in writing.

9. Planned Data Transfer to Third Countries

At present there are no plans to transfer data to third countries.  In exceptional cases where a data transfer to a third country may be necessary, this will occur in accordance with the legal permissibility regulations according to §§ 4b und 4c BDSG.

10. Further Information

The general description supplies further information of the precautions and measures taken by PASS for data protection and data security according to § 11 BDSG.February 2013