Disclaimer:

This register is kept with the utmost care. However, EuroPriSe does NOT guarantee the accuracy of information found on the Site. Your reliance on information found on the Site is at your own risk. For more information please go to EuroPriSe Terms & Conditions.

Product/Version

BKMS® System (Business Keeper Monitoring System)
Version 3.1
Function as provided in April 2015

Qualification: IT-based service

View the BKMS v3.1 certificate 

Cert. No.

EP-S-VZLYWC

Validity

13/08/2015 - 31/08/2017 

Initial Certification on June 07, 2013

Monitoring

04/2016 (O.K.)

12/2016

Public report

2015 Short Public Report BKMS v3.1 [PDF]

2013 Short_Public_Report_BKMS_[PDF]

Manufacturer/Provider

Business Keeper AG
Bayreuther Straße 35
10789 Berlin

Germany

BEST

The Business Keeper AG makes customers aware of relevant data protection requirements by means of an informative and comprehensible privacy leaflet.

The BKMS® System offers a "privacy functionality": an examiner may specify personal data, such as names or unique identifiers, that are part of a report. Applying the privacy functionality blacks out the specified data (making them unreadable). Only an examiner with the right to undo the privacy functionality is able to retrieve the original report.

The privacy functionality is a tool to facilitate the "need to know" principle and thus supports the principle of data avoidance and minimization.

ATTENTION:

The BKMS® System supports both reporting by name and anonymous / pseudonymous reporting. Customers are advised in a privacy leaflet to prefer reporting by name over anonymous / pseudonymous reporting to reduce the risk of misuse of the system.

Customers of Business Keeper AG may ask for a specific customisation in respect of anonymous / pseudonymous reporting or reporting by name. They are advised in the privacy leaflet to consult with the competent data protection authority if they want to deviate from the advice mentioned in the previous paragraph.

Summary

The BKMS® System is a whistleblowing system, technically designed as a web based service (software as a service - SaaS). Customers of Business Keeper AG may provide a link to the system on their websites. Whistleblowers (e.g., employees of customers) may use the BKMS® System in order to report grievances (e.g., criminal activities such as fraud or embezzlement). The BKMS® System facilitates a dialogue between whistleblowers and examiners (e.g., compliance officers or corruption agents). Whistleblowers are enabled to set up a post box in order to exchange messages with examiners.

Details

Recertification 2015:

The ToE version has changed from 2.7.3 to 3.1. Apart from layout, hotfixes, patches and some internal organisational documents, nothing relevant with regard to the ToE has been added and nothing has been removed.

SSLv3 has been turned off. The session key is now changed automatically. FREAK prevention avoids the use of lower key standards. The connection between Tomcat and the database has been encrypted.

Initial Certification 2013:

Whistleblowers can submit a report via a web form. They may reveal their identity or act anonymously or pseudonymously. Furthermore, they are given the possibility to set up a post box and to conduct a dialogue with examiners (e.g., provide them with further relevant information on the particular grievance).

The reports that are stored in the BKMS® System database are encrypted using asymmetric encryption. The same holds true for the content of the communications between whistleblowers and examiners (in the post box scenario).

Examiners can access the BKMS® System via an https interface at https://www.business-keeper.com/for-clients.html.

Customers of Business Keeper AG qualify as controller of the processing of personal data that results from the use of the BKMS® System. The Business Keeper AG qualifies as processor on behalf of its customers. It is noteworthy that Business Keeper AG cannot access clear text, but only encrypted data.

The Target of Evaluation (ToE) is the Business Keeper Monitoring System (BKMS® System) v.2.7.3, functionality as provided in May 2013. The ToE is available in three different configurations:

  • BKMS-Z: Collection, first verification and coordination of incoming reports by a central department;
  • BKMS-D: Reports are forwarded to the competent examiners by the system automatically;
  • BKMS-O: External experts (e.g., ombudsmen) deal with the collection and first verification of reports.

The ToE comprises a production system with a load balancer, two application servers and a database server as well as a development and test system.

Technical Evaluator

Ralf von Rahden
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen
Germany
rrahden@datenschutz-cert.de

Legal Evaluator

Dr. Irene Karper
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen
Germany
ikarper@datenschutz-cert.de

Formerly Certified Versions

v2.7.3

View the BKMS v2.7.3 certificate

European Privacy Seal for Business Keeper

Business Keeper AG proved that its IT-based service "Business Keeper Monitoring System (BKMS)" complies with EU data protection law. The BKMS® System is a whistleblowing system, technically designed as a web based service (software as a service - SaaS). Users of BKMS are controllers in respect of personal data relating to whistleblowers and persons who are reported through the scheme. They are provided with guidance on how to comply with EU data protection law in a data protection leaflet. Thus, they can be sure to act in compliance with said law if they follow this guidance.

2013 Press Release

© 2008 - 2016 | EuroPriSe GmbH - European Privacy Seal | Handelsregister-Nr. (Commercial Register No.): Bonn HRB 20387
