Privacy and information security

Revision as of 14:39, 10 August 2023 by Richard Heigl

Here you will find the most important information on the topics of data protection and information security relating to the BlueSpice software.

Declarations, contracts and directories

Hallo Welt! ensures compliance with the relevant data protection laws. For a company in Germany, these are the EU General Data Protection Regulation (EU-GDPR), the supplementary regulations in the Federal Data Protection Act (BDSG), and other data protection regulations that apply when handling personal data (including the fundamental right to informational self-determination). These regulations require the provision of these documents:

You can find out how Hallo Welt! deals with other guidelines, certifications and standards on the Certification and Compliance page.

Technical features of the BlueSpice software

In addition, BlueSpice offers a number of features that ensure data protection and information security:

Authentication

BlueSpice supports various authentication mechanisms to meet your security requirements. In addition to the connection of user directories via LDAP, single sign-on via Kerberos or SAML can also be implemented. The use of two-factor authentication is also possible. Learn more about user authentication under: Software - Security & Reliability.

Rights management

BlueSpice allows the differentiation of users, groups, roles and rights. A basic distinction is made between anonymous wiki visitors without an account and logged-in wiki users with an account. Typical roles of wiki users are:

  • Readers may read and comment on content.
  • Editors may additionally edit content.
  • Reviewers may additionally release content.
  • Administrators may additionally make settings in the wiki.

Groups, roles and rights are generally configurable. The procedure is described in our admin manual.

Privacy Center

In general, wiki software like BlueSpice logs all user actions, including read accesses, write accesses and administrative actions. To meet the requirements of the EU GDPR, BlueSpice now has the Privacy Center function. This gives wiki users these options:

  • anonymisation, e.g. by making the name unrecognisable,
  • request all stored data,
  • information about the data recorded in the system and the possibility of exporting it,
  • (dis)agreement with the privacy policy and the cookie policy,
  • deletion of the user account.

A more detailed description of the functions can be found in the BlueSpice Helpdesk.

Stand-alone capability

BlueSpice can be operated without access to external sources. Thus, no information flows to external service providers. BlueSpice can therefore also be used in intranets that are closed to the outside world. Internet access is recommended for the operation of BlueSpice, but not absolutely necessary.

Please note that the Free Edition has a reduced range of functions.


Technical access to client systems

Systems hosted in the cloud

In our cloud infrastructure, only users with the rights assigned by the client have access to the data in the wiki. Access to the server by the client or third parties is not possible. The access restrictions for Hallo Welt! or their service providers are explained here: Cloud - Security and Reliability.

On-premises systems hosted by the customer

With on-premises systems, the data is stored in the infrastructure of the customer, who is therefore also responsible for all data protection and information security issues. When working on on-premises systems, we largely follow the requirements of our customers and use their infrastructure. Hallo Welt! itself uses SSH access, VPN and TeamViewer as technologies. In addition, access is possible via interfaces provided to us by the customer.

  • Common remote access tools that can be used by us:
    • VPN+SSH/VPN+RDP
    • TeamViewer
    • Microsoft Teams
    • Webex
    • FastViewer
  • Common VPN clients are:
    • OpenVPN
    • SecurePulse
    • Fortinet
  • Data transmission: For the transfer of larger amounts of data, for example for migrations or backups, Hallo Welt! GmbH provides a Nextcloud instance.

Employees and subcontractors

The employees of Hallo Welt! GmbH provide their services in Germany and Poland. In addition, we work with external service providers in Ukraine, India and New Zealand, who are, however, only involved in product development (not in customer systems or in the processing of data). There may be exceptions to this after consultation with the customer.

External links

For more information on data protection and information security, please visit the product website: