Common use of ENCRYPTION AND PSEUDONYMIZATION Clause in Contracts

ENCRYPTION AND PSEUDONYMIZATION. ☒ The electronic transmission of e-mail traffic is encrypted. ☒ The electronic transmission of personal data may only take place via encrypted and defined transmission and communication channels. The transmission of non-anonymized, personal CUSTOMER DATA (e.g., test data, employee master data, etc.) via transmission and communication channels that have not been jointly defined in advance is not permitted. ☒ Personal data shall be stored on IT systems of the CUSTOMER or in the ATOSS Cloud Services. ☒ The storage of personal data in the ATOSS internal business operations shall be encrypted. ☒ All data on mobile computers and storage media are encrypted. ☒ All encryption technologies used productively are state of the art*. ☒ The management of the key material is defined and documented for the relevant IT systems. ☒ Transport encryption is implemented exclusively end-to-end. ☒ A set of rules with requirements for encryption strength, algorithm, and key management is implemented. ☒ Pseudonymization of personal data using one-way functions. ☒ Pseudonymization by assignment tables, these are separated from the rest of the data processing. *Definition - state of the art comprises the technical knowledge gained up to the respective point in time, which has found its way into operational practice and is generally recognized.