
Page 1: Data Protection Concept - European Commission...Germany T +49 89 5600 0 tnsde@tns-infratest.com 2.6 Overview to the obligation to notify pursuant to Section 4d, 4e, 4g (2) German Federal

© Kantar Public 2017

Data Protection Concept Data Protection Organisation and Implementation Kantar Deutschland GmbH


Contents

1. Version Management

2. General information
   2.1 Objective of this data protection concept
   2.2 Controller
   2.3 Data Protection Officer (DPO)
   2.4 Computer centre information
       2.4.1 Managing directors
       2.4.2 Appointed head of data processing
   2.5 Local description
       2.5.1 Address
   2.6 Overview of the obligation to notify pursuant to Sections 4d, 4e, 4g (2) German Federal Data Protection Act (BDSG)
       2.6.1 Purpose of data collection, processing and use
       2.6.2 Group of data subjects and types / categories of data
       2.6.3 Recipients or categories of recipients to whom the data may be disclosed
       2.6.4 Indicative time-limit for the deletion of data
       2.6.5 Planned data transmission to third countries
       2.6.6 Group of persons authorised for access

3. Organisational control
   3.1 Objective
   3.2 Measures

4. Entry control
   4.1 Objective
   4.2 Measures

5. Access control
   5.1 Objective
   5.2 Measures

6. Usage control
   6.1 Objective
   6.2 Measures

7. Transmission control
   7.1 Objective
   7.2 Measures

8. Input control
   8.1 Objective
   8.2 Measures

9. Order control
   9.1 Objective
   9.2 Measures

10. Availability control
   10.1 Objective
   10.2 Measures

11. Separation control
   11.1 Objective
   11.2 Measures

12. Certificates
   12.1 ISO 9001
   12.2 ISO 20252
   12.3 ISO/IEC 27001


1. Version Management

Date      Version  Author            Change                       Approval     Status
27/02/13  0.1      Timo Wilken       Initial draft                -            draft
27/06/13  0.2      Patricia Oberle   Minor corrections            -            draft
29/01/14  0.3      Timo Wilken       Change of company name       -            draft
17/07/14  1.0      Patricia Oberle   Updates                      Timo Wilken  released
22/09/14  1.1      Patricia Oberle   Updates                      Timo Wilken  released
03/11/14  1.2      David Ohlenroth   Updates                      Timo Wilken  released
15/01/15  1.3      Patricia Oberle   Annual review / Updates      Timo Wilken  released
14/04/15  1.4      Patricia Oberle   ISO certificates             Timo Wilken  released
01/02/16  1.5      Patricia Oberle   Annual review / Updates      Timo Wilken  released
28/07/16  1.6      David Ohlenroth   ISO certificates             Timo Wilken  released
07/12/16  2.0      Felix Czwikla     Annual review / Rebranding   Timo Wilken  released
10/01/17  2.1      David Ohlenroth   Change of company name       Timo Wilken  released
14/02/17  2.2      David Ohlenroth   ISO certificates             Timo Wilken  released
18/05/17  2.3      David Ohlenroth   ISO certificates             Timo Wilken  released


2. General information

2.1 Objective of this data protection concept

This data protection concept describes the technical and organisational measures and the control activities required by the Annex to Section 9 German Federal Data Protection Act (BDSG) and by Section 78a of Volume X of the Social Insurance Code (SGB X). It defines the tasks, obligations and responsibilities as well as the conditions under which data is processed in the company.

2.2 Controller

Kantar Deutschland GmbH, Registered in: München, AG München, HRB 113021, VAT-Number: DE813390549.

2.3 Data Protection Officer (DPO)

Ass. iur. Timo Wilken

Kantar Holding GmbH

Landsberger Straße 284

80687 München

Tel.: +49 89 5600-1176

Fax: +49 89 5600-1730

E-Mail: [email protected]

2.4 Computer centre information

Highly available green IT computer centre

All IT processes are compliant with ISO 20000

Comprehensive SOX controls

2.4.1 Managing directors

Hagenhoff, Winfried

Krüger, Jens

Lainer, Doris

Paule, Frank

Scheffler, Hartmut


Siegel, Dr. Nico A.

Stumpp, Dr. Stefan

Wieland, Robert A.

2.4.2 Appointed head of data processing

Hoogeveen, Henk

2.5 Local description

2.5.1 Address

Kantar Deutschland GmbH

Landsberger Str. 284

80687 München

Germany

T +49 89 5600 0

tnsde@tns-infratest.com

2.6 Overview of the obligation to notify pursuant to Sections 4d, 4e, 4g (2) German Federal Data Protection Act (BDSG)

2.6.1 Purpose of data collection, processing and use

Kantar Deutschland GmbH collects, processes and uses personal data for the purpose of anonymous market, opinion and social research surveys in nearly all areas of society (e. g. Technology & Finance, Media & Internet, Consumer & Industry, Mobility, Political & Social, etc.) according to Section 30a BDSG or as processor according to Section 11 BDSG. The results of all market, opinion and social research surveys are evaluated and transmitted to third parties in an anonymous form only.

2.6.2 Group of data subjects and types / categories of data

Persons who voluntarily participate in market, opinion and social research surveys (address data from German Kantar companies, from the principal, from address brokers, from the residents' registration office, data from public sources, as well as addresses / phone numbers of households and companies generated by an automatic random procedure, survey data, and possibly further information if required to fulfil the purpose described under number 2.6.1).

Customers (e. g. address data, identification data, contract data, control data, possibly other data, if these are required for the proper and appropriate processing of the business relationship, e. g. accounting data)

Interested parties / non-customers (e. g. address data, field of interest, bidding data)

Suppliers (e. g. address data, contact data, contract data, accounting and performance data, self-assessments)


2.6.3 Recipients or categories of recipients, to whom the data may be disclosed

Public authorities where statutory provisions require it; external suppliers pursuant to Section 30a BDSG or within the scope of data processing on behalf pursuant to Section 11 BDSG; and internal departments / specialist departments of Kantar Deutschland GmbH, to fulfil the purpose under number 2.6.1.

2.6.4 Indicative time-limit for the deletion of data

Statutory retention obligations and time-limits apply to parts of the data. Once those time-limits have expired, the personal data are deleted routinely. Data not subject to a statutory retention period are deleted as soon as the purpose described under number 2.6.1 has been fulfilled.

2.6.5 Planned data transmission to third countries

Data transmission to countries outside the European Union (EU) / the European Economic Area (EEA) takes place only within the framework of data processing on behalf (Section 11 BDSG), on the basis of a legitimate interest, or on the basis of the voluntary and informed consent of the data subjects. Transmission is carried out only in compliance with the statutory conditions of admissibility pursuant to Sections 4b and 4c BDSG.

2.6.6 Group of persons authorised for access

All employees are bound to data secrecy pursuant to Section 5 BDSG and to the secrecy of social data pursuant to Section 35 SGB I. Only those employees whose tasks require it for the purpose described under number 2.6.1 have access to personal data.


3. Organisational control

3.1 Objective

The objective of organisational control is to establish an internal organisation that meets the specific requirements of data protection.

3.2 Measures

Data protection organisation
  - Appointment of a Data Protection Officer (DPO) and of an internal business department "Data Protection & Legal"
  - Data protection content and documents available via the internal company SharePoint
  - Cooperation with an external law office

Measures to ensure the lawful processing of personal data
  - Obligation of data secrecy pursuant to Section 5 BDSG and of secrecy of social data pursuant to Section 35 SGB I for every employee
  - Data protection chapter in every employment contract
  - Information regarding data protection for every new employee
  - Process descriptions and examination requirements in accordance with the ISO certified quality management system

Measures to ensure compliance with internal processes / quality checks
  - External audits
  - Certification pursuant to ISO 9001 and ISO/IEC 27001
  - Appointment of an Information Security Officer (ISO)
  - Appointment of a Quality Management Officer

Staff training
  - Obligation for every employee to complete an annual training on data protection and information security
  - Data protection seminars offered in the HR seminar programme
  - Obligation for every new employee to complete the on-site training "Data Protection & Information Security for beginners"
  - Further on-site trainings on request
  - Training documented via certificates and attendance lists
  - Announcements regarding data protection via e-mail / SharePoint

Documentation of the admissibility of all relevant data protection related processes
  - Internal and public overview of all notifiable processes (Sections 4d, 4e BDSG)
  - External audits


4. Entry control

4.1 Objective

The objective of entry control is to prevent, by adequate measures, unauthorised persons from gaining physical access to data processing facilities in which personal data is processed or used.

4.2 Measures

Building security
  - Staffed reception / separate gates for employees and deliveries
  - Entry control, multi-stage security system
  - Building locked outside working hours
  - Guard service / plant security outside working hours
  - Separation of processing zones and visitors' zones
  - Access to individual floors only with electronic access control (chip)
  - Admission to the buildings logged and checked
  - Electronic access control (chip) for all staff members
  - Entry to the building / storeys traceable
  - Identity passes for visitors

Computer centre set up as a security sector
  - Servers are located in a locked computer centre with access control and burglary alarm, fire alarm and fire extinguishing systems
  - Backup media stored in a safe at a co-location (SOX control)

Locking system: key regulations with access authorisation
  - Specification of persons with access authorisation
  - Logging of the issue of keys
  - Special access regulations for others: only in the presence of a person with access authorisation
  - Logging of admissions
  - SOX control, ISO 27001 control

Securing the networks
  - Distribution boxes are secured against unauthorised access
  - Network management carried out centrally 24/7 under the responsibility of IT
  - Routers, switches and network components are located in locked rooms or steel containers
  - Cables run in sealed cable ducts; cabling is documented
  - SOX control


5. Access control

5.1 Objective

The objective of access control is to prevent unauthorised persons from using data processing systems that contain personal data.

5.2 Measures

Internal legitimisation procedure for user codes with respect to files and systems / documented organisational procedure for issuing, securing, changing and deleting user accounts
  - User accounts with individual access rights
  - For newly recruited personnel, IT receives the staff data relevant for network operation (staff member code, staff member number, cost centre, starting date) from administration automatically and fully documented
  - Completely ISO 20000 compliant change management

User accounts of staff members who have left the company
  - Documented process for withdrawing all access authorisations of staff members who are relocated or leave
  - Individual user accounts are locked / deleted, with documentation
  - Completely ISO 20000 compliant change management

Logging of access to applications and systems
  - Traceable back over several months

Encryption routines for log-in and password
  - Security policy

Global password policy
  - Minimum length of a user code: 5 characters
  - Minimum length of a password: 8 characters
  - Regulated password complexity (special characters, numbers, capital and lower case letters)
  - Exclusion of trivial passwords
  - Required password change after 60 days
  - Lost passwords may only be reset by IT after clear authentication of the requester
  - Password history: old passwords may not be re-used (10 generations)
  - SOX control

Automatic locking if false user codes / passwords are entered
  - Access denied after more than four failed log-on attempts

Automatic / manual keyboard and monitor lock when the PC is not in use or the user is absent
  - Standard set-up for the PC
  - Automatic keyboard and monitor lock after 10 minutes without use
  - Manual locking when the user leaves the workplace / clean desk policy
  - Unlocking only by entering the password
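The password and lock-out rules of section 5.2 can be expressed as code. The following is an added example written for this page, not Kantar's own code: it checks a candidate password against the stated rules (minimum length 8, four character classes, no trivial passwords, no re-use of the last 10 generations) and models the lock-out after more than four failed log-ons. The trivial-password list, the salted PBKDF2 storage format, the iteration count and the user codes are the example's own assumptions; the document states only the rules.

```python
"""Password policy and lock-out checks modelled on the rules in section 5.2.

Added example, not code from the document or from Kantar's systems. Assumed for the
example: the trivial-password list, the salted PBKDF2-HMAC-SHA256 storage format and
the iteration count. The document states only the rules themselves.
"""
import hashlib
import hmac
import os
import string
from typing import Dict, List, Optional, Set, Tuple

MIN_LENGTH = 8               # "Minimum length of a password: 8 characters"
HISTORY_DEPTH = 10           # "old passwords may not be re-used (10 generations)"
MAX_FAILED_ATTEMPTS = 4      # "access denied after more than four failed log-on attempts"
PBKDF2_ITERATIONS = 100_000  # KDF work factor (example's choice)

# Constructed blocklist standing in for the document's "exclusion of trivial passwords".
TRIVIAL_PASSWORDS: Set[str] = {"password", "passwort", "12345678", "qwertz123", "kantar2017"}


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); a fresh random salt is drawn when none is supplied."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def matches(password: str, entry: Tuple[bytes, bytes]) -> bool:
    """Constant-time comparison of a candidate against a stored (salt, digest) pair."""
    salt, stored = entry
    return hmac.compare_digest(hash_password(password, salt)[1], stored)


def check_policy(password: str, user_code: str, history: List[Tuple[bytes, bytes]]) -> List[str]:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems: List[str] = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = [
        any(c in string.ascii_lowercase for c in password),
        any(c in string.ascii_uppercase for c in password),
        any(c in string.digits for c in password),
        any(c in string.punctuation for c in password),
    ]
    if not all(classes):
        problems.append("must contain lower case, upper case, digits and special characters")
    lowered = password.lower()
    if lowered in TRIVIAL_PASSWORDS or user_code.lower() in lowered:
        problems.append("trivial password or contains the user code")
    # Only the last HISTORY_DEPTH generations are compared; older hashes can be discarded.
    if any(matches(password, entry) for entry in history[-HISTORY_DEPTH:]):
        problems.append(f"re-use of one of the last {HISTORY_DEPTH} passwords")
    return problems


class LoginGuard:
    """Counts failed log-ons per user code; the fifth failure locks the account.

    A locked account stays locked until IT resets it (the document's "reset by IT
    upon clear authentication"); a successful log-on clears the failure counter.
    """

    def __init__(self) -> None:
        self.failures: Dict[str, int] = {}
        self.locked: Set[str] = set()

    def attempt(self, user_code: str, password: str, stored: Tuple[bytes, bytes]) -> str:
        if user_code in self.locked:
            return "locked"
        if matches(password, stored):
            self.failures[user_code] = 0
            return "ok"
        self.failures[user_code] = self.failures.get(user_code, 0) + 1
        if self.failures[user_code] > MAX_FAILED_ATTEMPTS:
            self.locked.add(user_code)
            return "locked"
        return "denied"

    def reset_by_it(self, user_code: str) -> None:
        """Administrative unlock after the requester has been authenticated out of band."""
        self.locked.discard(user_code)
        self.failures[user_code] = 0
```

The history is kept as salted hashes, so a leaked history store reveals no old passwords, and `hmac.compare_digest` keeps the comparison constant-time. The 60-day forced rotation listed above is a process rule and is not enforced here; a practitioner adopting this policy should note that NIST SP 800-63B (2017) recommends against periodic forced changes and composition rules in favour of length and screening against known-breached passwords.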


6. Usage control

6.1 Objective

The objective of usage control is to prevent unauthorised persons from using or changing personal data.

6.2 Measures

Arrangements for the authorisation concept and usage rights
  - Differentiated authorisation system for the use of files, system and application programs by persons with access authorisation (including those with maintenance authorisation)
  - Individual, function-appropriate roles and rights issued by IT when requested by upper management
  - Use of network drives for authorised users (groups)
  - Differentiated authorisation for read-only or write (change / delete) access
  - User authorisation issued in relation to the application

Logging of database use by users
  - Usage logs of security-related data are stored for 6 months
  - Security policy

Data storage media / administration of data storage media
  - Proof of input, output and existing data
  - Storage of data media in the internal security sector
  - Constantly in locked rooms / safes
  - Documented security processes
  - Specification of authorised persons
  - Use of private data storage media forbidden

Controlled destruction of data storage media
  - Destruction of address data performed according to the procedures described in the ISO 9001 system
  - Physical destruction
  - Secure document containers
  - Exchangeable and fixed disks that are no longer in use are rendered unusable by IT
  - Disposal / destruction via certified disposal companies by prior appointment
  - Data storage media kept in a separate, access-secured hardware archive until disposed of
  - Issuing of disposal certificates
  - SOX control

Special regulations for mobile devices
  - Mobile PCs (laptops, notebooks) must be kept locked away outside working hours
  - Full disk encryption on all laptops


7. Transmission control

7.1 Objective

The objective of transmission control is to prevent unauthorised reading, copying, changing or removal of personal data during electronic transmission, transport and / or storage.

7.2 Measures

Data transmission
  - Transmission of files only to an authorised person and with a transmission log
  - Documentation of all addresses along the transmission chain
  - Documentation of PCs, software and files containing personal data
  - Completeness and correctness check

Transport security
  - Internal transmission: via internal network / secure exchange portal
  - Portal participants regulated by user identification and rights concepts
  - Logging / traceability of all use
  - Proof of use and transmission control via log files
  - External transmission: encrypted as agreed with the receiver and / or by courier
  - Compressed / encrypted with password protection, strong encryption algorithm (standard: AES-256)
  - Sealed transport containers
  - Reliable messengers / transport companies
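The "transmission log" and "completeness and correctness check" of section 7.2 can be implemented with a signed-off manifest. The following is an added example written for this page, not Kantar's own code: the sender builds a manifest (file name, size, SHA-256) and records a transmission log entry; the receiver recomputes the manifest and reports missing files (incompleteness), unexpected files and altered files (incorrectness). The file names, contents, recipient and project number are constructed for the example. Encryption of the package (the document names AES-256) is a separate step and is not shown here.

```python
"""Completeness and correctness check for a file transmission (section 7.2).

Added example, not code from the document or from Kantar's systems. Sample files,
recipient and project number below are constructed for the example.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List


def build_manifest(files: Dict[str, bytes]) -> Dict[str, dict]:
    """Per-file size and SHA-256 digest, keyed by file name."""
    return {
        name: {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}
        for name, data in files.items()
    }


def manifest_digest(manifest: Dict[str, dict]) -> str:
    """Digest over the canonical JSON form of the manifest; this is what the log records."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(canonical).hexdigest()


@dataclass
class TransmissionLog:
    """Append-only record of who received which package and when."""
    entries: List[dict] = field(default_factory=list)

    def record(self, recipient: str, manifest: Dict[str, dict], project_no: str) -> dict:
        entry = {
            "timestamp": datetime.now(timezone.utc).isoformat(),
            "recipient": recipient,
            "project_no": project_no,
            "files": sorted(manifest),
            "manifest_sha256": manifest_digest(manifest),
        }
        self.entries.append(entry)
        return entry


def verify_delivery(expected: Dict[str, dict], received: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Compare received files against the sender's manifest.

    "missing" lists files that did not arrive (incomplete delivery), "unexpected" lists
    files that were not announced, and "altered" lists files whose size or digest differs
    from the manifest (incorrect delivery). All three empty means complete and correct.
    """
    actual = build_manifest(received)
    result: Dict[str, List[str]] = {"missing": [], "unexpected": [], "altered": []}
    for name, meta in expected.items():
        if name not in actual:
            result["missing"].append(name)
        elif meta["size"] != actual[name]["size"] or not hmac.compare_digest(
            meta["sha256"], actual[name]["sha256"]
        ):
            result["altered"].append(name)
    result["unexpected"] = sorted(set(actual) - set(expected))
    return result


# Constructed sample package: a survey export and its code book (not real data).
SENT_FILES: Dict[str, bytes] = {
    "survey_4711_data.csv": b"resp_id;q1;q2\n1;3;5\n2;4;4\n",
    "survey_4711_codebook.txt": b"q1: satisfaction 1-5\nq2: recommendation 1-5\n",
}


def sender_side() -> dict:
    """Sender: build the manifest and log the transmission to the agreed recipient."""
    manifest = build_manifest(SENT_FILES)
    return TransmissionLog().record("client@example.org", manifest, "4711")
```

The manifest travels with the package (or ahead of it, by a second channel); the receiver calls `verify_delivery(manifest, received_files)` and accepts the delivery only when all three lists are empty. Because the log stores the digest of the manifest rather than the files, it proves later what was sent to whom without retaining a copy of the personal data.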


8. Input control

8.1 Objective

The objective of input control is to make it possible to verify retrospectively whether, and by whom, personal data has been entered into, changed in or removed from data processing systems.

8.2 Measures

Systems for logging and log evaluation
  - Automatic logging of file use / file changes
  - Logs of security-relevant data can be evaluated retrospectively (6 months)

Documentation of the input methods
  - Specification of the persons authorised to compile data storage media and to process data
  - Subsequent traceability of completed data input


9. Order control

9.1 Objective

The objective of order control is to guarantee that personal data processed on behalf of a principal is processed only in accordance with the principal's instructions.

9.2 Measures

Formalisation of the placement of an order between principal and contractor
  - Detailed written regulation of the contractual relationship and formalisation of the complete order process
  - Clear regulation of competences and responsibilities
  - Documentation of the process stages via an internal portal
  - Work step control
  - Administration, security and documentation of the address data in the respective interaction system provided

Formalisation of the placement of an order with respect to all subcontractors
  - Careful selection of the contractor
  - Detailed written regulation of the contractual relationship and formalisation of the complete order process
  - Contractual obligation of the subcontractor to data protection and secrecy
  - Order control and documentation


10. Availability control

10.1 Objective

The objective of availability control is to protect personal data from accidental destruction or loss.

10.2 Measures

Data security concept
  - Central backup system with authorisation and deletion concept
  - IT is responsible for carrying out the data security measures
  - Changed databases are backed up every day
  - A separate data storage medium is used for each weekday
  - Every week all databases are fully backed up
  - Programme directories are backed up after every change, so that at least one copy of the latest programme state always exists
  - Backup process checked monthly
  - Backup logs checked daily
  - Monthly test restores of data
  - Restore performed by IT
  - Storage of backup copies in different fire-protected and sealed rooms / safes
  - Guidelines for data archiving
  - Emergency plans / IT continuity management
  - IT continuity tests according to fixed processes and time intervals
  - SOX control

Fire protection systems
  - Fire protection zones
  - Fire protection doors
  - Air-conditioning for server / technology rooms
  - Smoke and fire alarms in the computer centre
  - Connection of the computer centre to the fire brigade emergency call centre
  - Fire extinguishing equipment in the computer centre
  - Plans for escape, rescue and fire protection

Software installation
  - PCs are fitted with standard software
  - Extensions to the standard software only after examination and approval by management / IT
  - Completely ISO 20000 compliant release management

Firewall installation
  - Protection of the internal networks by several firewall systems
  - Use of IDS / IPS systems
  - Incoming e-mails are automatically scanned for malicious software

Data storage media
  - Data storage media received or to be dispatched are scanned for malicious software with a virus scanner before being used or dispatched

Virus protection
  - Installation and constant updating of automatic virus protection

Blocking of sites
  - Blocking of indexed (blacklisted) websites

Power supply
  - Emergency diesel generator and UPS systems / safe server shutdown in case of a power cut


11. Separation control

11.1 Objective

The objective of separation control is to ensure that personal data collected for different purposes is processed separately.

11.2 Measures

Separate processing / file management for each purpose
  - Ensured by process descriptions and examination requirements in accordance with the ISO certified quality management system
  - Separation by project numbers
  - Data may only be used / processed for the agreed purpose

Separate logging of the individual work steps for each order
  - Ensured by process descriptions and examination requirements in accordance with the ISO certified quality management system

Function separation
  - Data and programs saved in different directories
  - Use of pseudonyms for test data

12. Certificates

12.1 ISO 9001

DEKRA Certification GmbH * Handwerkstraße 15 * D-70565 Stuttgart * www.dekra-certification.de page 1 of 2

CERTIFICATE

ISO 9001:2008

DEKRA Certification GmbH hereby certifies that the company

Kantar Shared Services GmbH & Co. KG
Kantar Deutschland GmbH

Scope of certification: Market research for decisions in economy and society, market media and opinion research

Certified location: D-80687 München, Landsberger Straße 284 (further locations see annex)

has established and maintains a quality management system according to the above-mentioned standard. Conformity was demonstrated in audit report no. A15011050.

This certificate is valid from 2017-03-13 to 2018-02-26

Certificate registration no.: 90103074/5

Lothar Weihofen

DEKRA Certification GmbH, Berlin, 2017-03-13


Annex to the Certificate No. 90103074/5

valid from 2017-03-13 to 2018-02-26

The following locations belong to the certificate above:

Headquarters
  Kantar Shared Services GmbH & Co. KG / Kantar Deutschland GmbH, Landsberger Straße 284, D-80687 München
  Scope of certification: Market research for decisions in economy and society, market media and opinion research

Subsidiaries (certified location; scope of certification)
  1. Kantar Shared Services GmbH & Co. KG / Kantar Deutschland GmbH, Landsberger Straße 284, D-80687 München; Market research for decisions in economy and society, market media and opinion research
  2. Kantar Deutschland GmbH, Friedensallee 11, D-22765 Hamburg; Market research for decisions in economy and society, market media and opinion research
  3. Kantar Deutschland GmbH, Stieghorster Straße 86-90, D-33605 Bielefeld; Telephone data collection on behalf of TNS Germany GmbH
  4. Emnitel GmbH, Stieghorster Straße 90, D-33605 Bielefeld; Telephone data collection on behalf of TNS Germany GmbH
  5. Infratel GmbH, Landsberger Straße 336, D-80687 München; Telephone data collection on behalf of TNS Germany GmbH
  6. Telquest GmbH, Ludwigsluster Straße 29, D-19370 Parchim; Consulting and services based on personalised data
  7. Kantar Live GmbH, Landsberger Straße 284, D-80687 München; Services for economic and social research
  8. infraquest GmbH, Landsberger Straße 336, D-80687 München; Services for economic and social research


12.2 ISO 20252

CERTIFICATE

ISO 20252:2012

DEKRA Certification GmbH hereby certifies that the company

Kantar Shared Services GmbH & Co. KG
Kantar Deutschland GmbH

Scope of certification: Market research for decisions in economy and society, market media and opinion research

Certified locations: D-80687 München, Landsberger Straße 284; D-22765 Hamburg, Friedensallee 11; D-33605 Bielefeld, Stieghorster Straße 86-90

The requirements of ISO 20252:2012 (Market, opinion and social research) are fulfilled. This was verified in certification audit report no. A15011050. This certificate confirms that the QM system satisfies the requirements of ISO 20252:2012 that go beyond those of ISO 9001:2008. This certificate is only valid upon successful completion of the surveillance audit and only in connection with main certificate no. 90103074/5.

This certificate is valid from 2017-03-13 to 2018-02-26

Certificate registration no.: 3004078001/4

Lothar Weihofen

DEKRA Certification GmbH Berlin, 2017-03-13

12.3 ISO/IEC 27001

CERTIFICATE

The Certification Body of TÜV SÜD Management Service GmbH

certifies that

Kantar Holding GmbH Landsberger Str. 284

80687 München Germany

including the sites see enclosure

has established and applies an Information Security Management System according to “Statement of Applicability” for

Handling of data and information within the framework of market and social research.

An audit was performed, Report No. 70763550.

Proof has been furnished that the requirements according to

ISO/IEC 27001:2013

are fulfilled.

The certificate is valid from 2017-05-04 until 2019-12-15.

Certificate Registration No.: 12 310 46872 TMS.

Version of the statement of applicability: V 1.4; 2015-10-26.

Product Compliance Management

Munich, 2017-05-05


Enclosure of Certificate Registration No.: 12 310 46872 TMS

Sites

Kantar Holding GmbH Stieghorster Str. 86-90, 33605 Bielefeld, Germany

Kantar Shared Services GmbH & Co. KG Landsberger Str. 284, 80687 München, Germany

Kantar Shared Services GmbH & Co. KG Stieghorster Str. 86-90, 33605 Bielefeld, Germany

Kantar Shared Services GmbH & Co. KG Borselstr. 20, 22765 Hamburg, Germany

Kantar Deutschland GmbH Moosdorfstraße 7-9, 12435 Berlin, Germany

Kantar Deutschland GmbH Landsberger Str. 284, 80687 München, Germany

Kantar Deutschland GmbH Stieghorster Str. 86-90, 33605 Bielefeld, Germany

Kantar Deutschland GmbH Borselstr. 20, 22765 Hamburg, Germany

Kantar Deutschland GmbH Darmstädter Landstr. 112, 60598 Frankfurt, Germany

Kantar Live GmbH Landsberger Str. 284, 80687 München, Germany

Infratest dimap Gesellschaft für Trend- und Wahlforschung mbH Moosdorfstr. 7-9, 12435 Berlin, Germany

TNS Infratest Slovakia s.r.o. Business Center, II Blok E, 5. posch, Prievozska 4, 821 09 Bratislava, Slovak Republic
