We handle customer data very responsibly. In our industry, where we deal with people who trust our customers, this is essential. That’s why we dedicate a small page to the topic. Find out how we handle data protection in practice.
1 Customers of our customers – your customers
We do not collect and store any data in electronic form from your customers. We do not scan name lists. We do not scan trial tests. We do not scan examination sheets. And we do not scan results. And we do not enter any data into our computers that represent such particulars.
2 Exception: It is your wish, and it is permissible
This rule does not apply if you, as our client, need such data – for example, for your billing purposes. If you need scanned attendance lists with signatures from us to check the plausibility of an invoice, we will scan the pages.
3 Particularly protected: Health data
Health data are strongly protected by law. These data may only be transferred if this is essential. For example, the statement “Ms Müller was sick on 28 September” constitutes health data. Such data do not belong in the accounts (except when salaried employees are paid during sick leave) or in attendance lists. Therefore, we will not provide you with such information electronically.
4 We encrypt customer data when sending e-mail
When sending data by e-mail, we are particularly careful and often encrypt data. Let us explain why.
4.1 Why e-mails are not securely transmitted
If files or texts are sent by e-mail, anybody involved in the transmission can read along. The data is not encrypted. E-mails are forwarded unpredictably through various companies that jointly maintain the Internet, and may also be cached. The open transfer of data via e-mail is therefore less secure than the transmission of a postcard – the postcard can at least only be read by postal staff while on its way; the e-mail can potentially be read by anyone.
4.2 How we encrypt
If you require the transfer of personal data – such as attendance lists – we encrypt the files that we send to you by e-mail. We provide you with the decryption key, of course not in the e-mail itself. We encrypt in a way that allows decryption with any popular program if the key is known.
5 We have to keep your and our emails for a long time
At this point, we would like to draw your attention to a special feature of the storage regulations that also affect your customer data.
5.1 Long retention periods for the tax authorities
The German Tax Code stipulates that “commercial letters” and accounting documents must be kept for a long time – “commercial letters” for six years, accounting documents even for ten years. The period begins when our tax assessment is finally completed.
5.2 Large extent of the storage obligation
The “commercial letters” to be kept include all documents – including electronic ones – relating to the preparation, execution, conclusion or cancellation of a transaction – in other words, all business correspondence other than advertising. If, for example, price lists form an aid to invoicing, these are also considered “commercial letters”. So you can practically assume that we have to keep all correspondence with you for a long time.
5.3 Storage in the original and auditable
The documents must be kept in the original – in the case of electronic correspondence, that means electronically, as a file. The storage must be audit-proof, so above all: we cannot delete or change anything. This handling is mandatory under tax law.
5.4 Conclusions for your correspondence
The requirements of tax law take precedence over the data protection laws. This means that if you send us data via e-mail concerning the execution of a contract, we must store the content unchanged for many years. If it is unnecessary, do not send us sensitive data by e-mail, or keep the wording sparse. Instead of stating that someone is “ill”, it is usually sufficient to point out a “personal absence”.
6 Any questions?