The following measures are taken and regularly evaluated by both INH GmbH (hereinafter referred to as INH) and the data center operator Hetzner to protect the confidential and personal data of the client and its customers:
INH only uses server systems from data centre operators that have valid certifications and thus implement all technical and organizational measures in accordance with the GDPR. Hetzner relies on extensive measures certified according to various standards to prevent unauthorized access to processing systems. These include, among others:
Electronic access control for access to the data center and individual security areas. Hetzner uses RFID technology and biometric systems to ensure that only authorized persons are granted access.
The access control systems and the alarm systems are protected against power failure by UPS and diesel-powered emergency generators. In the event of malfunctions, access can be gained manually by authorized Hetzner employees.
Access to the INH systems is only possible by the group of persons defined by INH (management) and by a restricted group of persons at Hetzner.
Keys are issued to a limited group of people. Access authorizations are only issued to authorized persons (whitelist), whereby an identity check is carried out using official photo IDs. The handover of keys is documented.
Access is secured by a physical (RFID chip) and a biometric (fingerprint) identification feature. The INH server cabinets have a digital lock.
Visitors may only enter the data center when accompanied by authorized personnel or Hetzner employees.
Every use of an ID tag (RFID chip) or biometric system is recorded electronically and logged with time data.
Hetzner uses an intrusion alarm system whose messages are forwarded independently to the on-call services, which initiate appropriate measures in an emergency.
Both the outside areas and the security-relevant areas inside the data center are under video surveillance.
The data center premises are used exclusively for data processing and are not accessible to the public.
Hetzner guarantees that only authorized persons can access the data released for use. Measures such as encryption and access restrictions ensure that personal data cannot be read, copied, changed or removed without authorization during processing and storage.
Ayedo Cloud Solutions GmbH supports INH GmbH in the support and management of the IT infrastructure, in particular by operating and monitoring the container-based applications (Kubernetes and Docker). Ayedo offers customized cloud solutions and ensures the security and availability of the systems through the following measures:
Further measures by INH GmbH and Ayedo Cloud Solutions GmbH at the data center location at Hetzner:
Hetzner uses an uninterruptible power supply (UPS) for continuous operation in the event of a power failure. The UPS systems are designed with N+1 redundancy.
Emergency power generators secure longer power interruptions. Refueling during operation is possible if necessary. The gensets are maintained in accordance with the manufacturer’s specifications.
The data center is divided into several fire compartments. A gas extinguishing system and portable fire extinguishers are available for spot firefighting.
Hetzner uses a fire alarm system that activates the gas extinguishing system and alerts the on-call service.
Hetzner’s data centers are equipped with redundant air conditioning.
Customer cabinets and areas in the data center are physically secured by locked cabinets or cordoned-off areas. Access security, video surveillance and security services are in place in accordance with the access controls described.
Measures taken by INH GmbH:
Hetzner shall act exclusively within the framework and scope of INH GmbH’s orders and in accordance with its instructions.
The control measures are coordinated between INH and Hetzner and integrated into Hetzner’s operating procedures.
All Hetzner employees are committed to data protection, confidentiality and telecommunications secrecy.
Hetzner has appointed a data protection officer.
Hetzner employees are regularly trained in data protection issues. Measures taken by INH GmbH: