Image

European Privacy Seal for vimacc

Product/Version

vimac

vimacc version 2.2 - video management software

Qualification: IT product 

View the vimacc certificate

Cert. No.

EP-P-9NXYPZ

Version of Certification Criteria

11/2011 (95/46/EC)

Validity

10/02/2017 until 28/02/2019

Public report

vimacc Short Public Report(PDF)  

Manufacturer/Provider

accellence technologies

Accellence Technologies GmbH
Garbsener Landstr. 10
30419 Hannover
Germany

www.accellence.de/en/

BEST

vimacc enables true end-to-end encryption within a video surveillance system. Video streams may be encrypted within the camera already when making use of the vimac encryption module as recommended by the manufacturer. Furthermore, Accellence Technologies provides the users of vimacc with information on privacy relevant matters in an exemplary manner by means of a data protection leaflet.

ATTENTION:

vimacc facilitates its privacy compliant use and may contribute to the legitimate implementation of a video surveillance system. However, the use of vimacc alone does not guarantee in itself that a video surveillance system complies with EU data protection law. Rather, the legitimacy of the video surveillance system needs to be evaluated separately on a case by case basis by the operator of the video surveillance system (i.e. the user of vimacc).

Summary

vimacc is a professional video management software. With vimacc a user can stream and store information from video surveillance cameras. All video data is encrypted during transfer and at rest. It is encrypted either in the camera or in the first software interface of vimacc. Accellence Technologies advices the users of vimacc that the highest level of confidentiality and integrity is achived if they make use of cameras that allow for the installation of the vimacc encryption module directly on the camera and thus for real end-to-end encryption.

For the encryption of video data, vimacc makes use of a hybrid solution of RSA and AES encryption. In order to decrypt the encrypted video data, the users of vimacc must utilise a hardware dongle with a private decryption key.

vimacc offers a comprehensive way of managing users and access rights to its users. Furthermore, it comes with a data protection friendly option that allows for the pixelating of areas forming part of a video recording. The data protection leaflet that users of vimacc are provided with informs them about privacy relevant matters in an exemplary manner. It even contains a checklist which the users can work through when planning the deployment of a video surveillance system.

Details

The target of evaluation (ToE) of the EuroPriSe certification is the software vimacc v2.2 which is configured by Accellence Technologies to run under the following restrictions:

  • end-to-end encryption is activated and cannot be deactivated by an administrator of the system;
  • the whole internal communication is encrypted;
  • audio streams are deactivated and cannot be activated;
  • the integrated http server is deactivated (not part of the ToE);
  • the integrated RTSP server is deactivated (not part of the ToE);
  • the integrated FTP uploader is deactivated (not part of the ToE);
  • the password policies are set as delivered and cannot be deactivated, though passwords that are even stronger than is required by the default settings can be defined and used;
  • any export of video streams must be encrypted and protected by passwords with defined strong policies concerning their complexity; and
  • the vimacc control interface must not be set to "VIMACC_CONTROL_INTERFACE_ALL=true" which would grant full access to the system.

It must be stressed that customers of Accellence Technologies who make use of the ToE are not able to change the privacy relevant configuration elements listed above autonomously.

Further information can be found in the short public report that is available here.

Technical Evaluator

Andreas Bethke
Papenbergallee 34
25548 Kellinghusen
Germany
bethke@europrise-expert.com

Legal Evaluator

Stephan Hansen-Oest
Im Tal 10a
24939 Flensburg
Germany 
sh@hansen-oest.com

Formerly Certified Versions

n.a.

Initial Certification: 02/2017

Accellence Technologies GmbH proved that its IT product "vimacc" facilitates its privacy compliant use. vimacc is a video management software that provides for true end-to-end encryption. Users of vimacc are controllers in respect of the processing of personal data that results from the use of their respective video surveillance systems which are managed by vimacc. They are provided with guidance on how to comply with EU data protection law in a data protection leaflet and can be sure to act in compliance with EU data protection law if they follow this guidance.

Image

Disclaimer:

This register is kept with the utmost care. However, EuroPriSe does NOT guarantee the accuracy of information found on the Site. Your reliance on information found on the Site is at your own risk. For more information please go to EuroPriSe Terms & Conditions.

© 2008 - 2019 | EuroPriSe GmbH - European Privacy Seal | Handelsregister-Nr. (Commercial Register No.): Bonn HRB 20387

No responsibility for the accuracy of the information. Contact | Privacy Notice | Imprint

Product/Version

REISSWOLF f.i.t.

v1.5; service function as provided in 05/2018

Qualification: IT product and IT-based service (processor service)

View the REISSWOLF f.i.t. certificate

Version of Certification Criteria

11/2011

Cert. No.

EP-S-X5TSCN

Validity

24/05/2018 - 31/05/2020

Monitoring

01/2019

09/2019

Public Report

f.i.t. Short Public Report Image Image 

Manufacturer/Provider

REISSWOLF Systems GmbH

Im Heegen 13
22113 Oststeinbek
Germany

BEST

Access policies can be used to restrict system usage to specific times of the day and/or IP addresses to reduce the attack vector for third-party access. A user session is controlled by means of a cross-tab synchronised session countdown.

ATTENTION

Regarding the processing of personal data on third persons by means of f.i.t., it must be highlighted that the (usually) corporate users of the service qualify as controllers whereas REISSWOLF Systems GmbH acts as a processor on behalf of the users. Customers are advised that the legitimate use of the service may require the collection of the data subject's consent and/or declaration of release from confidentiality.

SUMMARY

REISSWOLF f. i. t. is a web-based archiving system for data storage and access. It serves the purpose of uploading, storing, managing and exchanging data in the sense of a document management system. f.i.t. is a web application that can be used with common internet browsers. 

DETAILS

REISSWOLF f. i. t. is primarily designed for commercial use. It is distributed by REISSWOLF Systems GmbH and operated as Software as a Service (SaaS) in a data center in Germany.

The ToE includes

  • The web-based service REISSWOLF f.i.t. (for details, please cf. the short public report)

It does not include

  • REISSWOLF f.i.t. mobile app
  • REISSWOLF f.i.t. hotfolder
  • Office module
  • Teamviewer
  • Other alternative interfaces to clients

Technical + Legal Evaluator

Ann-Karina Wrede
Innungsstraße 7
21244 Buchholz
Germany

Initial Certification: 05/2018

REISSWOLF f.i.t. provides a web-based service that enables companies to upload, store, manage and exchange data in the sense of a document management system. Users of the service are controllers in respect of personal data on third persons that is processed by means of f.i.t.. The service is designed in a way that facilitates the users' compliance with EU data protection law.

Image

Disclaimer:

This register is kept with the utmost care. However, EuroPriSe does NOT guarantee the accuracy of information found on the Site. Your reliance on information found on the Site is at your own risk.

Image

European Privacy Seal for REISSWOLF f.i.t.