Image

European Privacy Seal for www.vbl.de (Website Pilot)

Initital Certification: 08/2015

As part of the ongoing pilot phase regarding the new EuroPriSe certification product "website certification", VBL. Versorgungsanstalt des Bundes und der Länder proved that the publicly available parts of the website www.vbl.de comply with EU data protection law. Visitors of www.vbl.de can be sure that processing of personal data that results from the interaction between their browsers and VBL's webserver is in line with the EU directives on data protection. 

  

Press Release Image Image

Image

Disclaimer:

This register is kept with the utmost care. However, EuroPriSe does NOT guarantee the accuracy of information found on the Site. Your reliance on information found on the Site is at your own risk. For more information please go to EuroPriSe Terms & Conditions.

Product/Version

www.vbl.de

Function as provided in August 2015

Qualification: Website

View the www.vbl.de certificate

Cert. No.

EP-W-PPR1FL (pilot)

Validity

26/08/2015 - 31/08/2017

Monitoring

04/2016 (O.K.)

12/2016 (O.K.)

Inspection Catalogue v0.2
(pilot phase)

Within the pilot phase regarding the new EuroPriSe certification product "website certification", only a shortened version of the applicable inspection catalogue is made publicly available. Based on the experiences of the pilot phase, an updated version of the inspection catalogue will be published at the beginning of regular operation of the new product "website certification". This updated version will be pubished in full. View the shortened version of Inspection Catalogue v0.2.

Website Owner

Bild

VBL. Versorgungsanstalt des Bundes und der Länder
Hans-Thoma-Straße 19
76133 Karlsruhe
Germany

Scope

Website certification covers the publicly available parts of a website. It focuses on the interaction between a visitor of a website and the website when the visitor browses the publicly available parts of the website. By contrast, it does not cover data protection issues related to website content (e.g., published pictures, videos and personal data in textual format).

Access restricted parts of a website are out of scope, but may be certified as an IT-based service according to the respective EuroPriSe requirements. The same holds true for other website offerings that qualify as an IT-based service (e.g., web shops).

In the case at hand, it must be stressed that the customer portal "Meine VBL" is out of scope of the EuroPriSe website certification. In addition, forms and other functionalities of the website that are not directed to all visitors of the website, but only to customers of VBL, have been examined in respect of communication security, but not in terms of data avoidance and minimization.

Target of Evaluation

The target of evaluation of the website pilot certification project www.vbl.de includes:

  • All information (DE+EN) on the website that ensures transparency towards website visitors as far as data protection issues are concerned, namely
    • the imprint,
    • the privacy policy,
    • the information that is provided via the cookie banner and
    • the cookie policy;
  • Processing of visitors' IP addresses;
  • Use of browser cookies;
  • Communication security of personal data submitted by means of forms (proper encryption); 
  • Processing of personal data upon subscription to VBL's newsletter;
  • Functionality that allows visitors to recommend some forms in the download section of the website.

The ToE does not include:

  • Hosting of the webserver by a third party (contract + TOMs);
  • Customer portal "Meine VBL";
  • Data protection issues that go beyond communication security with regard to forms that are not directed to all visitors of the website, but only to customers of VBL (e.g., contact form for customers).

Evaluation Result

The legal and technical evaluation by the EuroPriSe Experts confirmed that visitors of the publicly available parts of the website www.vbl.de can be sure that VBL complies with all relevant requirements of the General Data Protection Directive (95/46/EC) and of the Directive on Privacy and Electronic Communications (2002/58/EC) as far as interaction between website visitors' browsers and the webserver is concerned.  

Technical Evaluator

Andreas Sütterlin
SüdWest Datenschutz Rechtsanwaltsgesellschaft mbH
Rüppurrer Straße 4
76137 Karlsruhe
Germany

Legal Evaluator

Nicole Schmidt
SüdWest Datenschutz Rechtsanwaltsgesellschaft mbH
Rüppurrer Straße 4
76137 Karlsruhe
Germany

© 2008 - 2019 | EuroPriSe GmbH - European Privacy Seal | Handelsregister-Nr. (Commercial Register No.): Bonn HRB 20387

No responsibility for the accuracy of the information. Contact | Privacy Notice | Imprint

Product/Version

REISSWOLF f.i.t.

v1.5; service function as provided in 05/2018

Qualification: IT product and IT-based service (processor service)

View the REISSWOLF f.i.t. certificate

Version of Certification Criteria

11/2011

Cert. No.

EP-S-X5TSCN

Validity

24/05/2018 - 31/05/2020

Monitoring

01/2019

09/2019

Public Report

f.i.t. Short Public Report Image Image 

Manufacturer/Provider

REISSWOLF Systems GmbH

Im Heegen 13
22113 Oststeinbek
Germany

BEST

Access policies can be used to restrict system usage to specific times of the day and/or IP addresses to reduce the attack vector for third-party access. A user session is controlled by means of a cross-tab synchronised session countdown.

ATTENTION

Regarding the processing of personal data on third persons by means of f.i.t., it must be highlighted that the (usually) corporate users of the service qualify as controllers whereas REISSWOLF Systems GmbH acts as a processor on behalf of the users. Customers are advised that the legitimate use of the service may require the collection of the data subject's consent and/or declaration of release from confidentiality.

SUMMARY

REISSWOLF f. i. t. is a web-based archiving system for data storage and access. It serves the purpose of uploading, storing, managing and exchanging data in the sense of a document management system. f.i.t. is a web application that can be used with common internet browsers. 

DETAILS

REISSWOLF f. i. t. is primarily designed for commercial use. It is distributed by REISSWOLF Systems GmbH and operated as Software as a Service (SaaS) in a data center in Germany.

The ToE includes

  • The web-based service REISSWOLF f.i.t. (for details, please cf. the short public report)

It does not include

  • REISSWOLF f.i.t. mobile app
  • REISSWOLF f.i.t. hotfolder
  • Office module
  • Teamviewer
  • Other alternative interfaces to clients

Technical + Legal Evaluator

Ann-Karina Wrede
Innungsstraße 7
21244 Buchholz
Germany

Initial Certification: 05/2018

REISSWOLF f.i.t. provides a web-based service that enables companies to upload, store, manage and exchange data in the sense of a document management system. Users of the service are controllers in respect of personal data on third persons that is processed by means of f.i.t.. The service is designed in a way that facilitates the users' compliance with EU data protection law.

Image

Disclaimer:

This register is kept with the utmost care. However, EuroPriSe does NOT guarantee the accuracy of information found on the Site. Your reliance on information found on the Site is at your own risk.

Image

European Privacy Seal for REISSWOLF f.i.t.