Technical and organizational measures
Only the German text of the data protection declaration is legally binding!
The English text is written to the best of our knowledge but is for informational purposes only for our English speaking users.
1. Premises
Fediverse Foundation (hereafter “we”, “us” or “the service”) operates its servers, applications and systems in private, secured and ISO 27001 certified data centers in Vienna, Austria. All data is physically stored in Vienna, Austria and is not transferred or shared to any third parties or external data processors.
The document furthermore describes all technical and organizational measures (TOMs) and security of processing pursuant to Article 32 GDPR Fediverse Foundation takes for its operational facilities.
2. Technical security measures
2.1 Confidentiality
2.1.1 Physical access control
This measures are aimed to prevent unauthorized persons from accessing data processing systems with which personal data is processed or used.
2.1.1.1 Key control
- Only the Fediverse Foundation operations team or authorized data center personnel have the permission to access the data center. Fediverse Foundation has allocated designated server racks at the data center.
2.1.1.2 Manual locking system
-
Outside business hours, all premises are locked.
2.1.1.3 Regulations for external persons
Fediverse Foundation-external persons can only enter the data center if they are granted access by a Fediverse Foundation employee. Thereby they must be supervised by Fediverse Foundation employees or a data center employee at all times.
2.1.2 System access control and authentication
Measures described here are suitable to prevent data processing systems from being used by unauthorized personnel. These measures apply to the whole of the Fediverse Foundation operations.
2.1.2.1 Assignment of user rights
For all services and processes, employees are assigned personal password protected user accounts. All personal devices (computers, laptops, etc.) used to access IT services are protected with a personal user account.
-
On the servers it is precisely regulated which client has access to which data. Likewise, the users of the systems only have access to those parts of the systems to which they need access (need-to-know principle). User accounts and administrative accounts are handled separately.
-
It is documented which function can be controlled by which right.
-
Role-based authorization concept.
-
It is also documented which rights allow which data access.
-
User accounts are uniquely assigned to users. There are no impersonal collective accounts.
-
User accounts and access rights are regularly audited by the Fediverse Foundation operations team.
-
All systems use encrypted storage of user passwords.
Under no circumstances may administrator passwords be disclosed to third parties.
2.1.2.2 Password requirements
All accounts must adhere to the following password rules:
The password must be at least 12 characters long and contain the following characteristics:
-
at least 1 capital letter
-
at least 1 lowercase letter
-
at least 1 number
- multi-factor authentication is implemented where possible
Alternatively, certificates can be used to log into accounts worth protecting (e.g. SSH keys, TLS certificates). In this case, there is no obligation to change the password regularly. However, it is important to ensure safe handling of the private key. This must not be stored unencrypted or passed on. Under no circumstances may passwords, certificates or keys be disclosed to third parties. Furthermore all credential data and/or key material must not be stored unencrypted or passed on.
2.1.3 Protection of the network infrastructure
-
Administrative access to the Fediverse Foundation servers is granted exclusively via a site-to-site VPN tunnel
-
Access to the Fediverse Foundation network is protected by a firewall
-
Access restrictions for certain services are implemented via IP address restrictions. Only ports explicitly allowed are accessible
-
Regular software and system updates are performed.
-
A reverse proxy is in place to enhance security and enforce access controls to Fediverse Foundation-hosted services
-
Fediverse Foundation maintains dedicated network equipment within the data center environment to ensure data protection and multi-tenancy
-
Segmentation of networks are used within the network infrastructure
-
Wireless network and LAN networks are separated networks. All wireless networks have proper access restrictions in place.
-
Monitoring and logging of administrative system access and configuration changes.
2.1.4 Data access control
Measures to ensure that persons authorized to use a data processing system have access only to the data they are authorized to access and that personal data cannot be read, copied, changed or removed without authorization during processing, use and after storage.
2.1.4.1 Regulation of access authorization
2.1.4.2 Evaluation of logs
-
Protocol logs including access to the systems can be evaluated and deviations can be identified. Depending on the application, this process may be automated.
2.1.5 Separation rule
Measures to ensure that data collected for different purposes are processed separately.
-
Logical client separation (on the software side).
-
Strict administrative separation of tasks.
-
The data processing for the client is logically separated from other clients.
-
Physical separation of test and production environments and data.
-
Logical data separation: separate databases or structured file storage
-
Separate instances for development, test and production systems (sandboxes).
-
Logging of external support processes.
-
Specific approval rules for the database and application access / authorization concept.
2.1.6 Privacy by design
Fediverse Foundation systems are designed in a way that only the regulatory necessary data is stored and/or processed.
2.2 Integrity
2.2.1 Transfer of data
Measures to ensure that personal data cannot be read, copied, altered or removed without authorization during electronic transmission or during their transport or storage on data carriers, and that it is possible to verify and establish to which bodies personal data are intended to be transmitted by data transmission equipment.
2.2.1.1 Controlled destruction of data media
-
Misprints or other documents that are no longer needed are destroyed with a shredder. It is ensured that the document destruction is done with a shredder.
-
When Data media is wiped by a supplier a contractual and audit procedure has to ensure the complete destruction of the information. Fediverse Foundation has to receive a certification that the destruction has occurred.
-
Destruction of physical media according to DIN 32757.
-
2.2.1.2 Regulation regarding handling of copies
-
No copies may be made of client data, except for back-ups. Members of staff are contractually obliged not to make copies or to hand over data to unauthorized persons.
2.2.1.3 Encrypted connections
-
Administrative access to the servers is implemented via a VPN tunnel.
-
All communication channels across network boundaries between servers are TLS encrypted.
2.2.1.4 Encrypted storage
- All media containing personal identifiable data is encrypted at rest
2.2.2 Logging of server and system access and user activities
Measures are in place to log all access requests and activities to Fediverse Foundation servers and systems hosted at the data center. Central gateway devices with two-factor authentication regulate access to the underlying systems which store and forward all access logs to a log management system.
2.3 Availability and resilience
Measures to ensure that personal data is protected against accidental destruction or loss:
-
The data is automatically backed up daily and kept for at least 30 days.
- All servers are protected by firewalls against unauthorized access.
- The systems are designed redundantly, so that a failure can be compensated quickly.
-
Fire and/or smoke detectors.
-
Cooling system in data center.
-
Disaster recovery mechanisms for data recovery.