In the inclusive hosting variant, we host the Power eCard system for our customers on a secure server in Germany. Each customer has its own personal database, in which the address data is stored. We deliberately do not use a single global database for all our customers, so access across customers is not possible!
The data in the customer’s own database is only stored until either the customer deletes the address data themselves via the backend (e.g. individual data records, or global deletion of a user and thus of this user’s personal address book) or the license expires and the entire system, including the database, is completely deleted.
Our security concept:
- Physical security: The data center for the Power eCard Hosting is located exclusively in Germany and offers fire protection, redundant design, access control and other physical measures to protect the data. In addition, the data center is secured by a security guard who is on site 24 hours a day.
- We create continuous backups (every 7 days) of the entire system.
- Each customer receives its own separate database; there is no shared database for all customers.
- Encryption of all requests via HTTPS
- Protection against attacks via SQL injection, XSS or CSRF
- Encryption of all user passwords
- Adjustable password guidelines (length, type, validity, etc.)
With Power eCard you work GDPR-compliant:
We have made Power eCard ready for the GDPR. There is a separate “data protection” section in the system, which can only be viewed by certain user roles (e.g. the data protection officer).
Functions include, among others:
- Complete logging of all processes and data storage (logging obligation)
- Export function for logs, also at recipient level (obligation to provide information)
- Export function for data (right to data portability)
- Global search and delete function for user data, including logging (right to erasure)
- Global block lists (recipients who explicitly do not want to receive further mails are blocked globally in all address books of all employees; a re-import is also not possible)
- Opt-out option in emails (direct unsubscribe/block function for recipients with one click)
With these functions, our customers can immediately react to possible inquiries (information, deletion, data export, blocking, …) with a few clicks and, in case of doubt, also prove that they are working GDPR-compliant.
Of course, we also enter into a data processing agreement with all our customers.
In addition to the inclusive hosting version, we also offer a Self-Hosted version (annual license), where we provide the complete software integrated into our customer’s own web infrastructure. Of course, the same security concepts apply here, but in this variant we have no access to the data: it is then completely under the customer’s own control in the customer’s own infrastructure.