Image

European Privacy Seal for goTRESOR-HighSecurePlus

Recertification: 01/2017

GOGU Systems GmbH proved that its IT-based service goTRESOR-HighSecurePlus complies with EU data protection law. goTRESOR-HighSecurePlus enables users to exchange files and messages in a secure manner. Providing the service, GOGU processes customer data in line with EU data protection law. Users of goTRESOR are controllers in respect of personal data that may form part of exchanged files and messages. They are provided with guidance on how to comply with EU data protection law in a data protection leaflet. Thus, they can be sure to comply with EU data protection law if they follow this guidance.   

Product/Version

goTRESOR-HighSecurePlus
Function as provided in December 2016

Qualification: IT-based service

View the goTRESOR Certificate 

Cert. No.

EP-S-4L662S

Version of Certification Criteria

11/2011 (95/46/EC)

Validity

27/01/2017 - 31/01/2019

Initial cert: 12/12/2014

Monitoring

09/2017 (O.K.)

05/2018 (O.K.)

Public report

Recert 201701: goTRESOR Short Public Report [PDF] Image

Initial cert 201412: goTRESOR Short Public Report [PDF] Image 

Manufacturer/Provider

Bild

GOGU Systems GmbH
Böhmerwaldstr. 47 
85630 Grasbrunn
Germany

BEST

The manufacturer has implemented a mechanism that allows users of goTRESOR-HighSecurePlus to verify that the SW-code in use on the webserver has not been changed (by the manufacturer).

ATTENTION

Documents that are exchanged by means of goTRESOR-HighSecurePlus may contain personal data. In this respect, users of goTRESOR-HighSecurePlus are controllers whereas GOGU Systems GmbH acts as processor on their behalf. This means that users of goTRESOR-HighSecurePlus must ensure that this processing of personal data complies with all relevant requirements of EU data protection law. Users are provided with detailed information on this topic in a data protection leaflet.

Summary

goTRESOR-HighSecurePlus is a data-exchange-service which can be used by anyone who wants to share data (files, messages, timetable entries, resubmissions) with other users within a closed user group. The data-exchange-service can be installed and managed by the customer on an own server or be used as a web service provided by GOGU Systems (either on a dedicated server managed by GOGU Systems in a German data center or on a dedicated server of the client managed by GOGU Systems).

Details

Recert 201701

The result of the technical and legal evaluation was that no changes had been made to the ToE.

Initial Cert 201412

The ToE includes the following components:

  • GoTresor-HighSecurePlus “onDemand” (data hosted on manufacturer’s server)
  • GoTresor-HighSecurePlus “Enterprise” (data hosted on manufacturer’s server)
  • GoTresor-HighSecurePlus “Enterprise” (data hosted on customer’s server)
  • Manufacturer’s web-portal https://www.gotresor.de

The ToE uses a cascade of encryption-technologies for data exchanged through the service.  When uploading data to the locker on the webserver, the file is sliced to several pieces which are then encrypted with the key of the online locker of the user on the client side. The data is then transmitted to the server using TLS-/SSL-encryption. The encrypted slices of data are constructed to one encrypted file with an encrypted file name on the server again. When downloading data the file is separated to different pieces, too.  The separate pieces are then decrypted on the server (“on the fly”) and encrypted with the symmetric SSL-key and then transmitted over an SSL-connection. The browser of the user will finally put the pieces of data together to a file.  Every safe and every locker within the safe uses a different AES256 key for encryption. The whole transmission of data is encrypted by using the Transport Layer Security (TLS) / Secure Socket Layer (SSL).

A mechanism has been implemented that allows users of the ToE to verify that the SW-code in use on the webserver has not been changed (i.e., that the service is actually provided in the manner described above).

Technical Evaluator

Andreas Bethke
Papenbergallee 34
25448 Kellinghusen
Germany
bethke@europrise-expert.com

Legal Evaluator

Stephan Hansen-Oest
Im Tal 10a
24939 Flensburg
Germany 
sh@hansen-oest.com

Image

Disclaimer:

This register is kept with the utmost care. However, EuroPriSe does NOT guarantee the accuracy of information found on the Site. Your reliance on information found on the Site is at your own risk. For more information please go to EuroPriSe Terms & Conditions.

© 2008 - 2019 | EuroPriSe GmbH - European Privacy Seal | Handelsregister-Nr. (Commercial Register No.): Bonn HRB 20387

No responsibility for the accuracy of the information. Contact | Privacy Notice | Imprint

Product/Version

REISSWOLF f.i.t.

v1.5; service function as provided in 05/2018

Qualification: IT product and IT-based service (processor service)

View the REISSWOLF f.i.t. certificate

Version of Certification Criteria

11/2011

Cert. No.

EP-S-X5TSCN

Validity

24/05/2018 - 31/05/2020

Monitoring

01/2019

09/2019

Public Report

f.i.t. Short Public Report Image Image 

Manufacturer/Provider

REISSWOLF Systems GmbH

Im Heegen 13
22113 Oststeinbek
Germany

BEST

Access policies can be used to restrict system usage to specific times of the day and/or IP addresses to reduce the attack vector for third-party access. A user session is controlled by means of a cross-tab synchronised session countdown.

ATTENTION

Regarding the processing of personal data on third persons by means of f.i.t., it must be highlighted that the (usually) corporate users of the service qualify as controllers whereas REISSWOLF Systems GmbH acts as a processor on behalf of the users. Customers are advised that the legitimate use of the service may require the collection of the data subject's consent and/or declaration of release from confidentiality.

SUMMARY

REISSWOLF f. i. t. is a web-based archiving system for data storage and access. It serves the purpose of uploading, storing, managing and exchanging data in the sense of a document management system. f.i.t. is a web application that can be used with common internet browsers. 

DETAILS

REISSWOLF f. i. t. is primarily designed for commercial use. It is distributed by REISSWOLF Systems GmbH and operated as Software as a Service (SaaS) in a data center in Germany.

The ToE includes

  • The web-based service REISSWOLF f.i.t. (for details, please cf. the short public report)

It does not include

  • REISSWOLF f.i.t. mobile app
  • REISSWOLF f.i.t. hotfolder
  • Office module
  • Teamviewer
  • Other alternative interfaces to clients

Technical + Legal Evaluator

Ann-Karina Wrede
Innungsstraße 7
21244 Buchholz
Germany

Initial Certification: 05/2018

REISSWOLF f.i.t. provides a web-based service that enables companies to upload, store, manage and exchange data in the sense of a document management system. Users of the service are controllers in respect of personal data on third persons that is processed by means of f.i.t.. The service is designed in a way that facilitates the users' compliance with EU data protection law.

Image

Disclaimer:

This register is kept with the utmost care. However, EuroPriSe does NOT guarantee the accuracy of information found on the Site. Your reliance on information found on the Site is at your own risk.

Image

European Privacy Seal for REISSWOLF f.i.t.