Technical and organizational measures (TOM)

Technical and organizational standard measures (TOM) for the protection of personal data of Modocu Software GmbH, Oppolzergasse 6/10, 1010 Vienna, hereinafter referred to as Modocu.

Confidentiality (Art. 32 para. 1 lit. b GDPR)

• Access control: Protection against unauthorized system use through passwords (including corresponding policy)
• Access control: No unauthorized reading, copying, modification or removal within the system, assignment of authorizations (roles, groups) for users

Integrity (Art. 32 para. 1 lit. b GDPR)

• Transmission control: No unauthorized reading, copying, modification or removal during electronic transmission or transport through encryption (HTTPS/TLS).
• Input control: Determining whether and by whom personal data has been entered.

Availability and resilience (Art. 32 para. 1 lit. b GDPR)

• Availability control: monitoring and notification in the event of application and application component failure. Protection against accidental or malicious destruction or loss through encrypted backups of database data and regular replication of media data.
• Recoverability: Recovery from backups of database data and media data.

Procedures for regular review, assessment and evaluation (Art. 32 para. 1 lit. d GDPR; Art. 25 para. 1 GDPR)

• Data protection management, including regular employee training;
• Data protection-friendly default settings;
• Order control: No commissioned data processing within the meaning of Art. 28 GDPR without corresponding instructions from the client or ordering of the products with the exception of test periods (trial period).