DATEV's Online Data Security Principles
- 1. Collecting and processing personal data
- 2. Handling e-mail addresses
- 3. Security
- 4. Cookies
- 5. Links to other websites
- 6. Encrypting data during transmission
- 7. Information
- 8. Contact us
1. Collecting and processing personal data
1.1. Accessing public websites
When accessing our public websites, anonymous web server logbooks are created which DATEV saves for statistical purposes for about 2 to 3 months (e. g. how often was the website accessed), or for error tracking. Furthermore, DATEV saves personal usage data as an internal security measure (e.g. as identification in case of attacks) up to 7 days. Further analysis of your data will not be carried out without your consent.
1.2. Use of online applications with high access protection (SmartCard) or with the DATEV user account (authenticated with username and password)
When using online applications (business processes between DATEV and its customers), the following user information may be collected for the purpose of error and performance analysis, as well as tracking transactions, which were carried out:
Identification of the user (with the SmartCard: SmartCard ID, certificate, or similar; with the DATEV user account: username or similar)
- customer identification (via membership number)
- time of your enquiry and our answer
- transmitted data volume
- transactions called (URLs)
- error messages of authentication procedures and applications
User-specific details are stored up to a maximum of 2 weeks. These data are exclusively analyzed for research in the event of a fault or for performance issues. Information aggregated on the level of consultant number (such as which consultant number called the transaction on which day) are stored in the context of legal provisions (such as retention periods according to German Commercial Code and General Fiscal Law). The same applies to application-specific information that is collected for billing purposes.
1.3. Personal data
In addition, your personal data are only saved if you specifically state these, for example, in context with a survey or an order. Your data are used only for the purpose indicated on the respective page, for example, in order to process your order.
If you call pages and files within this offer, and you are prompted to enter personal data, please note that this data is transmitted unsecured via the Internet. Therefore, the data can be reviewed or falsified by unauthorized third parties. These risks do not exist in the non-public area of our Internet site, since the data transmission is encrypted.
2. Handling e-mail addresses
When sending us an e-mail we use your e-mail address only for correspondence with you.
DATEV applies technical and organizational security measures to protect the data we manage for you. We protect it from manipulation, loss, destruction and unauthorized access. Our security measures are continuously improved according to technological developments.
Cookies are small amounts of data which the operator of a website stores onto your computer.
On its own website, DATEV uses temporary cookies as well as permanent ones. As the term implies, temporary cookies are only valid for a limited time and contain data such as an identification number (a so-called session ID). They enable the server to allocate successive browser enquiries to the same user. As soon as the user exits the browser the cookies are automatically deleted.
5. Links to other websites
If you call an external website from our site (external link), the external providers may receive information from your browser from which website you reached him. The external provider is responsible for these data. Like any other provider, we are not able to influence this process.
6. Encrypting data during transmission
Information transfered via the Internet is normally not coded. Since the way of the data between the server and the local personal computer can never be exactly predicted, the transferred data can be reviewed in many spots of the way.
As a matter of principle, sensitive information is transmitted encrypted between the non-public area of our website to your personal computer.
When using a SmartCard, the keys required for this technology are stored on a SmartCard. Therefore, the non-public areas can only be accessed when using a SmartCard.
When using a DATEV user account, the data transmitted via the DATEV use account are SSL encrypted. Basic browser mechanisms are used for server authentification and SSL encryption.
In case DATEV has stored personal data, you can request information on these stored data free of charge. Please inform us if we have stored incorrect information about you so we can correct, block, or delete it.
8. Contact us
Data protection officer:
Dipl-Math. Rudolf Berthold Gerhard
Paumgartnerstraße 6 - 14
90429 Nuremberg, Germany
Tel.: +49 911 319-0
As of Oct 2013