At Power eCard, we host our system exclusively for each customer on a secure server based in Germany. Your data is stored in a dedicated, private database, ensuring no cross-client access. Rest assured, your information remains protected and confidential.
At Power eCard, customer data is stored in our dedicated database only for as long as necessary. You have full control: delete individual records, such as globally deleting a user and thereby removing their personal address book, or clear all data by terminating your license, which also deletes the entire system and database.
Our Security Concept
- Physical Security: Our Power eCard hosting data center is located exclusively in Germany, offering fire protection, redundant design, access control, and other physical measures to safeguard data. Additionally, the facility is monitored 24/7 by on-site security personnel.
- Continuous Backups: We take daily backups of the entire system and retain them for up to 7 days.
- Dedicated Customer Databases: Each customer receives their own separate database, ensuring data isolation and privacy.
- Encryption: All communications are encrypted using HTTPS to protect data in transit.
- Protection Against Attacks: Our systems are secured against threats such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).
- Password Encryption: User passwords are stored in encrypted form to enhance security.
- Configurable Password Policies: We provide adjustable password policies, allowing customization of length, complexity, validity period, and more.
GDPR Compliance with Power eCard:
At Power eCard, we've ensured full GDPR compliance for our users. The system includes a dedicated "Privacy" section accessible only to authorized user roles, such as the Data Protection Officer.
Key functionalities include:
- Complete Logging of Operations and Data Storage: We log all operations and data storage activities to meet logging requirements.
- Export Functionality for Logs, Including Recipient Level: Easily export logs, including recipient-specific details, to fulfill information requests.
- Data Export Capability: Users can export their data, adhering to the right to data portability.
- Global Search and Delete Functionality for User Data: Quickly search and delete user data across the system with logging for compliance with the right to erasure.
- Global Suppression Lists: Maintain global suppression lists across all employee address books, preventing re-imports of recipients who choose not to receive emails.
- Opt-Out Link in Emails: Include a one-click opt-out link in emails for direct unsubscribe or suppression actions.
With these features, our customers can promptly respond to GDPR requests (e.g., information, deletion, data export, suppression) and demonstrate GDPR compliance when needed.
Additionally, we provide all customers with a Data Processing Agreement (DPA) to formalize our commitment to data protection standards.