Image

European Privacy Seal for DRACOON GmbH

Recertification: 03/2018 

DRACOON GmbH proved that its IT product and IT-based service "DRACOON" complies with EU data protection law. DRACOON is a web-based, virtual data space which can be used for uploads, downloads, storage, management and transmission of data. Providing the service, DRACOON GmbH processes customer data in line with EU data protection law. Users of DRACOON are controllers in respect of personal data that may be uploaded to DRACOON. They are provided with guidance on how to comply with EU data protection law in a data protection leaflet. Thus, they can be sure to comply with EU data protection law if they follow this guidance. 

Image

Disclaimer:

This register is kept with the utmost care. However, EuroPriSe does NOT guarantee the accuracy of information found on the Site. Your reliance on information found on the Site is at your own risk. For more information please go to EuroPriSe Terms & Conditions.

Product/Version

DRACOON
(previously marketed as Secure Data Space)

Version: 4. (Subversion 4.5.0) - Function as provided in January 2018 

Qualification: IT product and IT-based service (processor service)

View the DRACOON V4 Certificate 

Version of Certification Criteria

01/2017

Cert. No.

EP-S-1W6P7H

Validity

15/03/2018 - 31/03/2020

Recertification No. 1 (SDS v3.0): June 29, 2015

Initial certification (SDS v2.1) on April 28, 2015

Monitoring

11/2018 (O.K.)

07/2019

Public report

2018 Short Public Report DRACOON v4 Image Image 

2015 Short Public Report SDS v3 Image Image

Manufacturer/Provider

DRACOON GmbH
(previously traded under the name SSP Europe GmbH)
Galgenbergstrasse 2a
93053 Regensburg
Germany

BEST

DRACOON enables users to make use of secure encryption technology at the client side. A leaflet provides users with understandable information on how to use DRACOON in a data protection compliant manner.

ATTENTION:

Data that are uploaded to a data room by the user may contain personal data and even special categories of personal data. In this respect, the users of DRACOON are controllers whereas DRACOON GmbH acts as a processor on their behalf. This means that users of DRACOON must ensure that this processing of personal data complies with all relevant requirements of EU data protection law. Users are provided with detailed information on this topic in a data protection leaflet.

Summary

DRACOON is a web-based virtual data space which can be used for uploads, downloads, storage, management and transmission of data. DRACOON is designed for B2B relationships. It is accessible via https://dracoon.team

Depending on the individual usage scenario, data may qualify as personal data and even as special categories of personal data. Confidentiality of (personal) data can be ensured by means of encryption technology at the client side. DRACOON GmbH advises the users to choose this option when processing personal data by means of DRACOON in a data protection leaflet.

Details

Recertification 03/2018:

The following changes have been made to the ToE since the previous recertification:

  • Directories can now be shared
  • Introduction of a recycle bin where old versions of files can be kept
  • The syslog entries can now optionally be sent to an audit system (e.g., Splunk - not part of the ToE)
  • E-mail addresses can be changed by the users
  • Customers’ accounts can be locked
  • Favorites: Files and folders can be tagged as favorites by users for quick access
  • Upload accounts can be password protected
  • Upload accounts and download links (with password protection) in encrypted rooms have been enabled
  • The Activity Log has been introduced, allowing authorized users to see, etc. which new files have been added in their data rooms
  • Granular rights concept and new roles
  • Sending release passwords via SMS
  • Drag and drop upload via the web interface
  • Sending note e-mails via the web interface

The results of the re-evaluation by the EuroPriSe experts demonstrated that DRACOON meets all applicable requirements of EuroPriSe's "GDPR-ready" criteria catalogue.  

Recertification 06/2015:

SDS v3.0 introduces the following improvements:

  • Implementation of JSON_REST_API Interface
  • Improvement of encryption functionalities
  • Improvement of provision of encrypted files
  • Increased length of share links
  • Improvement of authorisation concept

The following versions of SDS v3.0 are covered by the EuroPriSe certification:

  • Secure Data Space Online
  • Secure Data Space Dedicated
  • Secure Data Space Virtual Appliance

The ToE includes:

  • WebUI
  • JSON_REST_API Interface
  • SDS Server
  • Management database
  • Appropriatenes of technical and organisational measures at QSC data center
  • Legal interfaces (data protection relevant contracts) with QSC data center

The ToE does not include:

  • The use of SDS by means of smartphones and tablets
  • Mobile apps that enable users to make use of SDS
  • The operational environment
  • The hardware components that are located in the data center and the respective operating system
  • Licensing and sales processes of SSP Europe GmbH
  • The presentation of the company at https://www.ssp-europe.eu
  • Any further services of SSP Europe GmbH

Technical Evaluator

Since recertification no. 2 (201803):

Alexey Testsov
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen
Germany

Until recertification no. 1 (201506):

Ralf von Rahden
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen
Germany

Legal Evaluator

Dr. Irene Karper
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen
Germany

Formerly Certified Versions

v3.0
v2.1

© 2008 - 2019 | EuroPriSe GmbH - European Privacy Seal | Handelsregister-Nr. (Commercial Register No.): Bonn HRB 20387

No responsibility for the accuracy of the information. Contact | Privacy Notice | Imprint

Product/Version

REISSWOLF f.i.t.

v1.5; service function as provided in 05/2018

Qualification: IT product and IT-based service (processor service)

View the REISSWOLF f.i.t. certificate

Version of Certification Criteria

11/2011

Cert. No.

EP-S-X5TSCN

Validity

24/05/2018 - 31/05/2020

Monitoring

01/2019

09/2019

Public Report

f.i.t. Short Public Report Image Image 

Manufacturer/Provider

REISSWOLF Systems GmbH

Im Heegen 13
22113 Oststeinbek
Germany

BEST

Access policies can be used to restrict system usage to specific times of the day and/or IP addresses to reduce the attack vector for third-party access. A user session is controlled by means of a cross-tab synchronised session countdown.

ATTENTION

Regarding the processing of personal data on third persons by means of f.i.t., it must be highlighted that the (usually) corporate users of the service qualify as controllers whereas REISSWOLF Systems GmbH acts as a processor on behalf of the users. Customers are advised that the legitimate use of the service may require the collection of the data subject's consent and/or declaration of release from confidentiality.

SUMMARY

REISSWOLF f. i. t. is a web-based archiving system for data storage and access. It serves the purpose of uploading, storing, managing and exchanging data in the sense of a document management system. f.i.t. is a web application that can be used with common internet browsers. 

DETAILS

REISSWOLF f. i. t. is primarily designed for commercial use. It is distributed by REISSWOLF Systems GmbH and operated as Software as a Service (SaaS) in a data center in Germany.

The ToE includes

  • The web-based service REISSWOLF f.i.t. (for details, please cf. the short public report)

It does not include

  • REISSWOLF f.i.t. mobile app
  • REISSWOLF f.i.t. hotfolder
  • Office module
  • Teamviewer
  • Other alternative interfaces to clients

Technical + Legal Evaluator

Ann-Karina Wrede
Innungsstraße 7
21244 Buchholz
Germany

Initial Certification: 05/2018

REISSWOLF f.i.t. provides a web-based service that enables companies to upload, store, manage and exchange data in the sense of a document management system. Users of the service are controllers in respect of personal data on third persons that is processed by means of f.i.t.. The service is designed in a way that facilitates the users' compliance with EU data protection law.

Image

Disclaimer:

This register is kept with the utmost care. However, EuroPriSe does NOT guarantee the accuracy of information found on the Site. Your reliance on information found on the Site is at your own risk.

Image

European Privacy Seal for REISSWOLF f.i.t.