Data protection and security regulations for Microtronics remote access

Where desired by the customer or technically possible, Microtronics can, if necessary, but with individual consent, carry out preventive remote maintenance and support access to solve problems, summarised here as “remote access”. The framework conditions applicable to such transactions are described below. The deployment of application updates by Microtronics is not covered by remote access.

Technical and organisational measures

Microtronics undertakes to take all technical and organisational measures required by national data protection laws and the GDPR as well as any divergent national regulations and other legal provisions applicable to it in order to ensure a level of protection appropriate to the risk. In particular, the data security measures must ensure an adequate level of protection and correspond to the state of the art, depending on the type, scope, circumstances and purpose of the processing as well as the different probability of occurrence and the severity of the risk posed by the processing to the rights and freedoms of the data subjects. Microtronics is permitted without restriction to replace existing measures with alternatives. During and after such changes, the safety level of the specified measures must not be undercut. The design of measures and compliance with them is the subject of regular audits.

Remote access modalities

• Remote access is technically prevented unless explicitly enabled by the customer. Through customer configuration (hosted) or creation of a corresponding network access (on-premise).
• Where possible, remote access is only possible after individual authorisation by an authorised customer representative.
• Remote access is only possible via suitable, secure equipment provided by Microtronics for this purpose.
• Microtronics only grants remote access to support personnel, with secure storage of access information and for the purpose stated herein.
• Personnel entrusted with support tasks are obliged to maintain confidentiality and data secrecy during their active employment and beyond.
• Personal data is only actively viewed in the course of remote access if this is conducive to error analysis or maintenance activity.
• Personal data is neither extracted from the system nor stored in any other way as part of remote access.
• If the entire database has to be copied into a test system for extended, invasive error analysis, this shall only be done with separate written confirmation from the client. As a result, the same level of protection applies to the target system as for productively hosted customer services.
• Remote access by Microtronics takes place exclusively from within the European Union and exclusively by Microtronics personnel, no subcontracting takes place in these cases.
• In addition to the above measures, there is also the option of actively monitoring remote access via screen sharing or having it recorded by the support staff if requested to do so.

Deviations

• Microtronics operates isms@microtronics.com a contact point for questions about this measure design or findings regarding deviations.
• Microtronics is committed to supporting the client at all times when dealing with security incidents.