Agreement on Order Processing in accordance with Art. 28 GDPR
To you, our customer,
– Data Controller –
hereinafter referred to as the Controller
and
ACARiS GmbH
represented by the Managing Director Dr. Arne-Rasmus Dräger
Ludwig-Erhard-Straße 18, 20459 Hamburg
Email: info@acaris.net
Tel.: +49 40 – 32597525
– Data Processor –
hereinafter referred to as the Processor
1. Subject and Duration of the Order
(1) Subject
The subject of the order for data processing is the execution of the following tasks by the Processor:
• Installation and maintenance of the so-called Horse-Protector units, which contain video cameras.
• Collection, storage, and processing/analysis of these film recordings (without sound) from the horse stable through artificial intelligence.
In this context, it may be necessary to use and process personal data, for which the Controller is the responsible entity within the meaning of the EU General Data Protection Regulation [GDPR], before and after the conclusion of a contract.
(2) Duration
The duration of this agreement corresponds to the duration of the business relationship between the parties.
2. Specification of the Order Content
(1) Nature and Purpose of the Intended Data Processing
The Controller instructs the Processor to collect, store, and analyze video recordings (without sound) using Artificial Intelligence. Continuous video recordings enable Artificial Intelligence to monitor the horse(s) in the stable, learn their behavior, analyze their health, and ensure desired security.
Artificial Intelligence relies on continuously recording, learning, and analyzing various behavioral parameters of the horse. It may be necessary to use and process personal data, for which the Controller, as per the EU General Data Protection Regulation [GDPR], is the responsible entity, before and after a contract is concluded.
(2) Type of Data
The processing of personal data includes the following types/categories of data:
Video recordings of a person (without sound)
(3) Categories of Data Subjects
The categories of individuals affected by the processing include:
• Employees of the Controller
• Customers (owners and caretakers of the horses)
• Suppliers
• Visitors
• and all other individuals present in the horse stable
(4) Balancing of Interests for Video Surveillance and Recording
The creation of video recordings via Horse-Protector units is initially for the analysis of horse behavior, as mentioned above. Without continuous video surveillance, it would not be possible to trigger the alarms promised by the Processor in cases of horse illness or security-related incidents.
Additionally, data collection and processing serve to uphold legitimate interests under Article 6(1)(f) GDPR. According to this provision, a balance of the affected interests is necessary.
Upholding Legitimate Interests
Continuous monitoring of the horse in the stable contributes to the safety and health of the horse. On one hand, it enables artificial intelligence to learn and analyze horse behavior and assess the horse’s health. On the other hand, surveillance serves vandalism prevention, enforcement of house rules, protection of the horse owner’s property, investigation of thefts, and other security-related incidents. Recordings may be used in legal and non-legal proceedings.
Artificial Intelligence relies on continuously recording, learning, and analyzing various behavioral parameters of the horse. Without this, triggering expected alarms for illnesses, births, etc., by Horse-Protector would not be possible. It is possible that video cameras may capture images (without sound) of individuals present in the horse stable. With the help of this data, Artificial Intelligence learns to distinguish between humans and animals.
Necessity
The following examines whether specific video recording is suitable for achieving the purpose and whether alternative measures, less intrusive to the right to protection of personal data, are preferable.
For the reasons outlined, continuous monitoring is necessary. Otherwise, artificial intelligence cannot learn and analyze horse behavior or provide alarm notifications in security-related incidents (illness, births, entry of unauthorized persons, etc.).
Without permanent data storage, the contractual purpose – monitoring and safeguarding the horse’s health – would be jeopardized. A milder measure is not apparent.
However, a biometric analysis of recorded individuals (e.g., through facial recognition software) does not occur. It is also not automatically recorded which person was present in the horse stable at a specific time. Panning of the camera is not possible.
Balancing of Interests
The lawfulness of processing may be justified by the legitimate interests of the Controller (or a third party to whom personal data may be disclosed), provided the interests or fundamental rights and freedoms of the data subject do not prevail. In this context, the reasonable expectations of the affected individuals based on their relationship with the Controller must be considered (see Recital 47 to Article 6(1) lit. f GDPR).
Continuous monitoring of the horse through video cameras in the stable affects the rights of individuals entering this stable, especially their right to their own image. Set against this are the interests of the Controller in monitoring and preserving the health of their horse.
Considering these interests, the rights of recorded individuals appear less vulnerable. This is evident from the intensity of the intervention: Clear signs are placed in front of the horse stable – and thus in the monitored area – informing individuals about the video recordings and the responsible party. Hence, there is no covert surveillance.
Furthermore, only a very limited area is monitored – the horse stable – which only a manageable number of individuals may rightfully enter, namely only those caring for the horse. Besides the owner or caretaker of the horse, only employees of the Controller and potentially individuals authorized by the owner to handle the horse are eligible. Unauthorized individuals who enter the horse stable and potentially endanger the horse’s safety are also considered.
Despite the significant infringement on the personal rights of these individuals, it should be noted that no audio recordings are made, and no biometric analysis of individuals (such as through facial recognition software) takes place. The data is not shared and remains with the Processor and Controller. Only in cases of criminal activity and for enforcement in civil and/or criminal proceedings could sharing with authorities or courts be conceivable.
In light of the above, the interests of the affected individuals seem less worthy of protection than those of the Controller.
3. Technical and Organizational Measures
(1) The Processor shall document and submit to the Controller for review the implementation of the technical and organizational measures outlined and necessary before the commencement of processing, especially regarding the specific execution of the order. Upon acceptance by the Controller, the documented measures become the basis of the order. If the Controller’s review indicates a need for adjustment, such adjustments shall be mutually agreed upon.
(2) The Processor shall ensure security in accordance with Art. 28(3)(c), Art. 32 GDPR, particularly in connection with Art. 5(1), (2) GDPR. The measures to be taken collectively are data security measures aimed at ensuring an appropriate level of protection concerning the confidentiality, integrity, availability, and resilience of the systems relative to the risk. The state of the art, implementation costs, the nature, scope, and purposes of processing, as well as the varying likelihood and severity of the risks to the rights and freedoms of natural persons under Art. 32(1) GDPR, must be considered [details in Annex 1].
(3) Technical and organizational measures are subject to technological progress and development. In this regard, the Processor is permitted to implement alternative appropriate measures. However, the security level of the defined measures must not be compromised. Significant changes are to be documented.
4. Correction, Restriction, and Deletion of Data
(1) The Processor may not independently correct, delete, or restrict the processing of data processed under the order but only based on documented instructions from the Controller. If an affected person directly contacts the Processor regarding these matters, the Processor shall promptly forward such requests to the Controller.
(2) If included in the scope of services, concepts for deletion, the right to be forgotten, correction, data portability, and information shall be ensured directly by the Processor based on documented instructions from the Controller.
5. Quality Assurance and Other Duties of the Processor
In addition to complying with the provisions of this order, the Processor guarantees compliance with legal obligations pursuant to Art. 28 to 33 GDPR; in this regard, the Processor ensures, in particular, compliance with the following requirements:
(1) The Processor is not obliged to appoint a Data Protection Officer.
(2) Maintaining confidentiality in accordance with Art. 28(3) sentence 2 lit. b, 29, 32(4) GDPR. The Processor only employs individuals in the execution of work who are obligated to confidentiality and have been familiarized with the relevant data protection provisions. The Processor and anyone under the Processor’s authority who has access to personal data may process such data solely in accordance with the instructions of the Controller, including the powers granted in this contract, unless they are legally required to process the data.
(3) Implementation and compliance with all technical and organizational measures required for this order in accordance with Art. 28(3) sentence 2 lit. c, 32 GDPR [details in Annex 1].
(4) Upon request, the Controller and the Processor shall cooperate with the supervisory authority in fulfilling their tasks.
(5) Promptly informing the Controller of control actions and measures of the supervisory authority, to the extent they relate to this order. This also applies if a competent authority investigates the processing of personal data in connection with order processing by the Processor as part of an administrative offense or criminal proceeding.
(6) If the Controller is exposed to a control by the supervisory authority, an administrative offense or criminal proceeding, liability claims of an affected person or a third party, or any other claim related to order processing by the Processor, the Processor shall assist the Controller to the best of its ability.
(7) The Processor regularly monitors internal processes, as well as technical and organizational measures, to ensure that processing within its scope of responsibility complies with the requirements of applicable data protection laws and guarantees the protection of the rights of the data subjects.
(8) Demonstrability of the implemented technical and organizational measures to the Controller within the framework of its control powers under Section 7 of this contract.
6. Subcontracting Arrangements
(1) Subcontracting arrangements within the scope of this regulation refer to services directly related to the provision of the main service. Excluded from this are ancillary services, such as those the Processor uses for telecommunication services, postal/transport services, maintenance and user services, or the disposal of data carriers, as well as other measures to ensure the confidentiality, availability, integrity, and resilience of hardware and software of data processing systems. However, the Processor is obligated to enter into appropriate and legally compliant contractual agreements and to take control measures to ensure data protection and data security for the Controller’s data, even for outsourced ancillary services.
(2) The Processor may only commission subcontractors (additional data processors) with the prior express written or documented consent of the Controller.
To provide the contractually owed services, the Processor engages subcontractors within the meaning of Art. 28(2) and (4) GDPR. The Controller hereby grants the Processor a general written authorization for the use of the subcontractors listed below. The Processor shall inform the Controller in advance, in text form, of any intended engagement or replacement of a subcontractor. The Controller may object to the change within a reasonable period for important data protection reasons.
Currently engaged subcontractor:
Google Cloud EMEA Limited / Google Cloud Platform
Purpose of processing: Provision of cloud infrastructure, computing power, storage, network services, security functions, and backup and recovery functions for the services of ACARiS GmbH.
Type of processing: Storage, transmission, provision, backup, and technical processing of personal data, in particular video recordings without sound and associated operational, access, and log data.
Processing location / region: European Union, in particular the Google Cloud region Netherlands / europe-west4, insofar as technically and contractually configured.
Third-country transfer: Processing outside the EU/EEA is not envisaged, insofar as ACARiS limits processing to EU regions. Insofar as, in individual cases, a third-country transfer by Google or its further subcontractors cannot be excluded, such transfer takes place only on the basis of appropriate safeguards pursuant to Art. 44 et seq. GDPR, in particular EU standard contractual clauses, where required.
Security measures: Processing takes place on encrypted Google Cloud instances. Data is encrypted in transit. Customer data is additionally protected by access restrictions, role-based permissions, individual user accounts, logging, network segmentation, and further technical and organizational measures.
Contractual basis: Data protection agreements are in place with the subcontractor that meet the requirements of Art. 28 GDPR and impose on the subcontractor essentially the same data protection obligations as agreed between the Controller and the Processor.
Outsourcing to subcontractors or changing the existing subcontractor is permissible, provided that:
• the Processor notifies the Controller in writing or in text form of such outsourcing to subcontractors in advance and
• the Controller does not object to the planned outsourcing in writing or in text form by the time of data transfer and
• a contractual agreement is based on Art. 28(2-4) GDPR.
(3) The disclosure of personal data of the Controller to the subcontractor and its initial activities are only permitted once all conditions for subcontracting are met.
(4) If a subcontractor provides services outside the EU/EEA, or if access from a third country exceptionally takes place, the Processor ensures, before processing begins, that the data protection requirements of Art. 44 et seq. GDPR are met. This may be achieved in particular by an adequacy decision of the European Commission, EU standard contractual clauses, and any necessary additional technical, organizational, or contractual measures. ACARiS aims to process personal customer data within the EU/EEA.
(5) Further subcontracting by the subcontractor is not envisaged. It would require the express prior consent of the main contractor (at least in text form).
All contractual regulations in the contractual chain must also be imposed on any further subcontractor in the event of further outsourcing.
7. Controller’s Inspection Rights
(1) The Controller has the right, in consultation with the Processor, to conduct inspections or have them carried out by auditors to be named in individual cases. The Controller has the right to convince itself of the Processor’s compliance with this agreement in the course of its business operations through random checks, which are generally to be announced in a timely manner.
(2) The Processor ensures that the Controller can verify the compliance with the Processor’s obligations according to Art. 28 GDPR. The Processor undertakes to provide the necessary information to the Controller upon request and, in particular, to demonstrate the implementation of technical and organizational measures.
(3) Evidence of measures that do not only concern the specific order may be provided through compliance with approved codes of conduct under Art. 40 GDPR, certification according to an approved certification procedure under Art. 42 GDPR, current certificates, reports, or excerpts from reports from independent bodies (e.g., auditors, revision, data protection officer, IT security department, data protection auditors, quality auditors), or suitable certification through IT security or data protection audits (e.g., according to BSI basic protection).
(4) The Processor may claim a remuneration for enabling controls by the Controller.
8. Notification of Violations by the Processor
(1) The Processor supports the Controller in complying with the obligations mentioned in Articles 32 to 36 of the GDPR regarding the security of personal data, notification obligations in the event of data breaches, data protection impact assessments, and prior consultations. This includes, among other things:
• ensuring an adequate level of protection through technical and organizational measures that take into account the circumstances and purposes of processing, as well as the predicted probability and severity of a potential violation of rights due to security gaps, and enabling the immediate identification of relevant violation events;
• obligation to report breaches of personal data to the Controller promptly;
• obligation to assist the Controller in fulfilling its information obligations towards the data subject and providing all relevant information immediately in this context;
• assisting the Controller in its data protection impact assessment;
• assisting the Controller in prior consultations with the supervisory authority.
(2) The Processor may claim compensation for support services that are not included in the service description or not attributable to the Processor’s misconduct.
9. Instruction Authority of the Controller
(1) The Controller promptly confirms oral instructions (at least in text form).
(2) The Processor shall immediately inform the Controller if it believes that an instruction violates data protection regulations. The Processor is entitled to suspend the execution of the corresponding instruction until it is confirmed or modified by the Controller.
10. Deletion and Return of Personal Data
(1) Copies or duplicates of data are not created without the knowledge of the Controller. This excludes backup copies as far as they are necessary to ensure proper data processing, as well as data required to comply with legal retention obligations.
(2) After completing the contractually agreed-upon work – at the latest with the termination of the service agreement – the Processor must hand over all documents, processing and usage results produced, as well as data sets related to the contractual relationship, to the Controller or, with prior approval, destroy them in compliance with data protection standards. The same applies to test and waste material. The deletion protocol must be submitted upon request.
(3) Documentation serving as evidence of proper and lawful data processing is to be retained by the Processor beyond the end of the contract in accordance with the respective retention periods. The Processor may hand it over to the Controller at the end of the contract for its relief.
Technical and Organizational Measures for Data Security
– ACARiS GmbH –
ACARiS GmbH operates the cloud systems required for service provision on encrypted instances of the Google Cloud Platform. The processing of personal customer data generally takes place in the European Union, in particular in the Google Cloud region Netherlands / europe-west4, insofar as this is technically and contractually configured.
The systems used are configured so that personal data is encrypted during transmission. Storage takes place on encrypted cloud instances. Access to the systems is restricted to authorized persons and is carried out via individual user accounts, role-based permissions, and additional access protection measures. Administrative access is limited to the necessary extent and is logged.
Google Cloud is used as a sub-processor within the meaning of Art. 28 GDPR. Further details on the technical and organizational measures of Google Cloud can be found in the respectively applicable security and data protection documents of Google Cloud, as well as in the data protection agreements in place between ACARiS and Google.
Access Control
The access control aims to prevent unauthorized individuals from accessing processing facilities.
• ACARiS GmbH employees access data from their computers, protected by passwords. These computers temporarily store customer emails, while the actual data and archived emails are stored on external servers of the sub-processor Google Cloud Platform.
• Access to the external server requires an additional input of an individual username and password.
• External individuals have no access to the securely locked computers.
• Access to the data stored at Google Cloud Platform is further protected, particularly through:
Ongoing monitoring of the security infrastructure.
The data centers of Google Cloud Platform maintain an on-site security service responsible for all physical security functions of the data center 24/7. The on-site security personnel regularly monitors CCTV cameras (Closed Circuit TV) and all alarm systems. They conduct routine internal and external patrols within the data center.
Google Cloud Platform implements formal access procedures for physical entry into its data centers. These data centers are housed in facilities requiring an electronic card key for access, equipped with alarms connected to the on-site security service. Anyone entering the data center must provide identification and proof of identity to the on-site security personnel. Access to the data centers is restricted to authorized employees, contractors, and visitors. Only authorized employees and contractors are allowed to request access to these facilities using electronic card keys. Otherwise, access is granted only to those who have submitted an application, registered, and provided identification in advance.
Google Cloud Platform maintains a security policy and conducts security training for its own personnel.
Further details on access and entry controls can be found in the Terms of Service (TOMs) of the sub-processor Google Cloud Platform.
Data Carrier Control
The data storage control measures aim to prevent unauthorized access, copying, alteration, or deletion of data carriers.
• ACARiS GmbH fundamentally avoids the use of data carriers, given that the majority of data is stored on the external servers of the sub-processor Google Cloud Platform.
• Google Cloud Platform has established the following procedures for data carrier control:
Every decommissioned data carrier undergoes a series of data destruction processes before leaving the premises of Google Cloud Platform for either reuse or destruction.
Decommissioned data carriers are subjected to a multi-stage process of deletion, followed by a completeness check. The results of the deletion process are logged and tracked.
In cases where a decommissioned disk cannot be deleted due to a hardware fault, it is securely stored until it can be safely destroyed.
Further details on access and entry controls can be found in the Terms of Service (TOMs) of the sub-processor Google Cloud Platform.
Storage Control
Storage control aims to prevent unauthorized access to stored personal data, including the ability to view, input, modify, or delete such data.
• Data from ACARiS GmbH is secured on the external servers of Google Cloud Platform.
• Access to temporarily stored emails from customers on ACARiS computers is restricted to respective employees, protected by a password.
• Access to external servers requires the input of an individual username and password.
• At Google Cloud Platform, storage control is planned as follows:
Google Cloud Platform stores data in a multi-tenant environment on its own servers.
The storage of personal customer data generally takes place on encrypted cloud instances within the European Union, in particular in the Google Cloud region Netherlands / europe-west4, insofar as this is technically and contractually configured. Processing outside the EU/EEA is not envisaged, insofar as ACARiS limits processing to EU regions.
Customers have the option to utilize logging functions provided by Google Cloud Platform.
Further details can be found in the Terms of Service (TOMs) of the sub-processor Google Cloud Platform.
User Control
User control aims to prevent unauthorized individuals from using automated processing systems through data transmission.
• ACARiS GmbH’s data is secured on the external servers of Google Cloud Platform.
• Only authorized employees have access to the data temporarily stored on ACARiS computers. Access to these computers is protected by a password.
• User control for the servers at the sub-processor Google Cloud Platform is additionally secured, especially through:
Administrators and end-users of customers must authenticate themselves through a central authentication system or a single sign-on system to utilize cloud services.
Access is granted only to authorized individuals for data they are entitled to. It is ensured that personal data cannot be read, copied, altered, or removed without authorization during processing, usage, and after recording. Systems are designed to detect any unauthorized access.
Google Cloud Platform uses a centralized access management system to control personnel access to production servers, allowing access only to a limited number of authorized personnel.
System access is logged to create an audit trail for traceability. Where passwords are used for authentication (e.g., logging into workstations), password policies are implemented meeting at least industry standards. These standards include restrictions on password reuse and adequate password strength. For access to extremely sensitive information (e.g., credit card data), Google Cloud Platform employs hardware tokens.
Further details can be found in the Terms of Service (TOMs) of the sub-processor Google Cloud Platform.
Access Control
Access control aims to ensure that those authorized to use an automated processing system have access solely to the personal data covered by their access authorization.
• ACARiS GmbH’s data is secured on the external servers of Google Cloud Platform.
• Only authorized employees have access to the data temporarily stored on ACARiS computers. Access to these computers is protected by a password.
• To access the external servers, the input of an individual username and password is additionally required.
• Access to data on servers at the sub-processor Google Cloud Platform is separately protected, especially through:
Google Cloud Platform uses a centralized access management system to control personnel access to production servers, allowing access only to a limited number of authorized personnel.
Access is granted only to authorized individuals for data they are entitled to. It is ensured that personal data cannot be read, copied, altered, or removed without authorization during processing, usage, and after recording. Systems are designed to detect any unauthorized access.
Administrators and end-users of customers must authenticate themselves through a central authentication system or a single sign-on system to utilize cloud services.
The authentication and authorization systems of the cloud service use SSH certificates and security keys and are designed to provide secure and flexible access mechanisms to Google Cloud Platform. These mechanisms are designed to grant only approved access rights to website hosts, logs, data, and configuration information.
Google Cloud Platform requires the use of unique user IDs, strong passwords, two-factor authentication, and carefully monitored access lists to minimize the potential for unauthorized account usage.
No use of personal customer data for training general AI models takes place, unless expressly agreed otherwise separately.
System access is logged to create an audit trail for traceability. Where passwords are used for authentication (e.g., logging into workstations), password policies are implemented meeting at least industry standards. These standards include restrictions on password reuse and adequate password strength. For access to extremely sensitive information (e.g., credit card data), Google Cloud Platform employs hardware tokens.
Further details can be found in the Terms of Service (TOMs) of the sub-processor Google Cloud Platform.
Transmission Control
Transmission control aims to ensure that it can be verified and determined to which locations personal data has been or can be transmitted or made available using data transmission facilities.
• Personal data is electronically transmitted only to authorized recipients (e.g., financial institutions for general payment transactions).
• Logfiles are used to provide evidence and trace the extent of external access.
• Data stored on Google Cloud Platform’s servers is additionally protected, especially by:
Google Cloud Platform offers HTTPS encryption (also known as SSL or TLS connection) and supports ephemeral elliptic curve Diffie-Hellman key exchange, signed with RSA and ECDSA. These Perfect Forward Secrecy (PFS) methods help protect data traffic and minimize the impact of a compromised key or cryptographic breakthrough.
The data centers of Google Cloud Platform are typically connected via private high-speed links to ensure secure and fast data transfer between data centers. This is to prevent unauthorized reading, copying, altering, or removal of data during electronic transmission, transport, or recording on data storage media. Data transmission is carried out using Internet standard protocols.
Personal data is protected during transmission by appropriate encryption methods, in particular TLS/HTTPS.
Further details can be found in the Terms of Service (TOMs) of the sub-processor Google Cloud Platform.
Transport Control
Transport control aims to ensure the confidentiality and integrity of personal data during transmission and transportation of data carriers.
• Since the data is stored and processed on the external servers of the sub-processor Google Cloud Platform, transportation or transmission is rarely necessary.
• Personal data is electronically transmitted only to authorized recipients (e.g., financial institutions for general payment transactions).
• Data stored on Google Cloud Platform’s servers is additionally protected, especially by:
Google Cloud Platform offers HTTPS encryption (also known as SSL or TLS connection) and supports ephemeral elliptic curve Diffie-Hellman key exchange, signed with RSA and ECDSA. These Perfect Forward Secrecy (PFS) methods help protect data traffic and minimize the impact of a compromised key or cryptographic breakthrough.
Further details can be found in the Terms of Service (TOMs) of the sub-processor Google Cloud Platform.
Recoverability
Recoverability aims to ensure that systems can be restored in case of disruptions.
• All business-critical data of ACARiS GmbH is regularly backed up as part of a structured backup plan. This includes, and is especially focused on, personal data residing on these systems. The proper execution of backup tasks is regularly verified.
• Restoration of data from security backups is promptly feasible and can be performed by ACARiS GmbH.
• In addition to daily on-site backups, there is a regular georedundant full backup of all data on physically separate backup systems.
• As ACARiS GmbH’s data is stored and processed on the external servers of the sub-processor Google Cloud Platform, their concept of recoverability is decisive. Accordingly, recoverability is specifically ensured through:
Programs for maintaining business operations and for recovery in case of a disaster, which are regularly planned and tested.
Further details can be found in the Terms of Service (TOMs) of the sub-processor Google Cloud Platform.
Reliability
Reliability is intended to ensure that all functions of the system are available, and any malfunctions that occur are reported.
• Antivirus protection and firewall
• Since the data of ACARiS GmbH is primarily stored and processed on the external servers of the sub-processor Google Cloud Platform, their concept of reliability/resilience is crucial. Accordingly, reliability is particularly ensured through:
Google Cloud Platform employs multiple layers of network devices and intrusion detection to protect against external attacks, utilizing specialized technologies developed for this purpose.
There are specific systems designed to detect intrusions into Google Cloud Platform’s systems, including preventive measures with strict control over potential attack points, the use of intelligent detection controls at data entry points, and the deployment of technologies that automatically address certain critical situations.
Redundant circuits, switches, networks, or other necessary devices contribute to ensuring the required redundancy. Services are designed to allow Google Cloud Platform to perform certain types of preventive and corrective maintenance without interruption. Documented procedures for preventive maintenance exist for all business-critical devices and facilities, detailing the process and frequency of execution in accordance with manufacturer specifications or internal specifications.
Preventive and corrective maintenance on data center equipment is planned through a standard change process according to documented procedures.
The power supply systems of the data center are designed to be redundant and can be maintained 24/7 without affecting continuous operation. In most cases, critical infrastructure components in the data center have both a primary and an alternative power source, each with equal capacity. Backup power is provided through various mechanisms, such as uninterruptible power supplies (UPS), which offer consistent and reliable power protection during power outages, blackouts, over- and under-voltages, and frequency excursions. In the event of a power outage, the emergency power supply is designed to provide the data center with full power for up to 10 minutes until the diesel generator systems take over. The diesel generators can automatically start within seconds and provide enough emergency power to typically operate the data center at full capacity for several days.
Further details can be found in the Terms of Service (TOMs) of the sub-processor Google Cloud Platform.
Data Integrity
Data integrity aims to ensure that stored personal data cannot be damaged by system malfunctions.
• The measures outlined through access, entry, and user controls ensure that data cannot be altered, damaged, or deleted by unauthorized individuals.
• All business-relevant data of ACARiS GmbH is regularly backed up as part of a structured backup plan. This applies especially to personal data stored on these computers. The proper execution of backup tasks is regularly monitored.
• Data restoration from security backups can be done quickly and is manageable by ACARiS GmbH itself.
• In addition to daily on-site backups, there is a regular georedundant full backup of all data to physically separate backup systems.
• As the essential data of ACARiS GmbH is stored and processed on the external servers of the sub-processor Google Cloud Platform, their concept for recoverability is crucial. Therefore, data integrity is particularly secured through:
Google Cloud Platform employs multiple layers of network devices and intrusion detection to protect against external attacks, utilizing specialized technologies developed for this purpose.
There are specific systems designed to detect intrusions into Google Cloud Platform’s systems, including preventive measures with strict control over potential attack points, the use of intelligent detection controls at data entry points, and the deployment of technologies that automatically address certain critical situations.
Further details can be found in the Terms of Service (TOMs) of the sub-processor Google Cloud Platform.
Availability Control
Availability control aims to ensure that personal data is protected against destruction or loss.
• As the data of ACARiS GmbH is stored and processed on the external servers of the sub-processor Google Cloud Platform, their concept for availability control is crucial. Therefore, availability is particularly secured through:
Programs for maintaining business operations and for recovery in case of a disaster, which are regularly planned and tested.
There are redundant circuits, switches, networks, or other necessary devices that contribute to ensuring the required redundancy. The services are designed so that Google Cloud Platform can perform certain types of preventive and corrective maintenance without interruption. For all business-relevant devices and facilities, there are documented procedures for preventive maintenance, detailing the process and frequency of execution according to manufacturer specifications or internal specifications. Preventive and corrective maintenance on data center equipment is planned through a standard change process according to documented procedures.
Further details can be found in the Terms of Service (TOMs) of the sub-processor Google Cloud Platform.