Data Privacy Statement

USAGE OF PERSONAL DATA

NTS Netzwerk Telekom Service AG processes personal data in order to support employee and customer relationships as well as for its product development. At any time, NTS respects the right of each individual to protect personal data, which includes groups of data subjects like employees, interested parties, applicants, suppliers, partners as well as customers.

This privacy statement is the expression that NTS strives to be open and transparent with each data processing step and that NTS adheres to the laws of data protection.

NTS complies with all legal provisions when dealing with personal data. Additionally, the following principles have been established in the company-wide data protection policy and these are consequently applicable for each individual employee:

• Personal data is only used for legally authorized purposes or with explicit consent of the person concerned.
• Personal data is only used for the specific purpose of the business for which it was gathered.
• Whenever possible, personal data will be pseudonymized. If a personal reference is not required any longer, data will be anonymized.
• Personal data will be protected against access by unauthorized or external persons by using the latest technology.
• Data is kept up-to-date at any time to prevent faulty information.
• Personal data will be used sparsely: as much as necessary, as little as possible.
• Personal data will not be kept beyond the centrally registered storage period. The storage period will be kept as short as possible.

TECHNICAL AND ORGANIZATIONAL MEASURES

As an expert for IT-infrastructure, NTS has implemented comprehensive technical and organizational measures to protect employee and customer data. To ensure confidentiality, integrity and availability of Personal Data NTS has implemented periodical trainings of our staff and has successfully undergone an external certification according to ISO 27001.

CONFIDENTIALITY

Physical Access Control

Unauthorized access to systems, which process personal data, is not allowed. The relevant systems are protected by electronic key cards, keys and alarm systems, as well as super-vised by CCTV systems.

Logical Access Control

Unauthorized use of systems is not possible, because systems are protected by passwords. A clear password policy exists, which enforces the use complex passwords according to industry wide standards. The involved systems use password protected login-locks. Re-mote access to the NTS network is protected by two-factor authentication or similar technology.

According to valid security policies and procedures, supervised by ISO 27001 certification, it is not allowed to store customer data on client laptops permanently. Customer data is only stored on systems dedicated for this use. As an additional measure (defense in depth) all client laptops must use disk encryption.

Digital Access Control

Unauthorized reading, copying, change or destruction of data is not allowed on relevant systems. Specific access rights designed for a specific use of data must exist, prior to granting access. All access is logged.

Separation of Data Control

Data collected for a certain purpose are not merged or linked.

Transport

Unauthorized reading, copying or destruction of data is prevented during electronic transport of data. NTS provides platforms and systems which provide encryption on transport via public networks (e.g. secure transport to NTS file share platform). In addition, admin access to customer systems is encrypted with VPN (virtual private network) technology upon customer’s request.

INTEGRITY

In case of electronic transmission of sensitive data encryption technologies (see chapter Transport above) can be used on customer’s request. This is an effective countermeasure against unwanted alteration of data in transport.

Input Control
Access to relevant systems is controlled and change of data is logged.

AVAILABILITY AND RESILIENCE

NTS has ISO27.001 certified Business Continuity planning cycles in place, which are designed to improve data security on a regular basis. NTS uses anti-malware protection to minimize the risk of data loss.

PROCESS FOR REGULARY TESTING, ASSESSING AND EVALUATING

NTS’s ISO 27.001 certified Information System Management System (ISMS) ensures a valid Information Systems Security Policy. The whole ISMS is regularly reviewed and evaluated.

In addition, a Data Privacy Management System is established, which is regularly reviewed and evaluated.

Through these systems clear security roles and responsibilities are guaranteed. NTS regularly and voluntarily undergoes internal and external audits to recognize possible vulnerabilities in processes or systems. This enables NTS to be able to react promptly to such findings.

Incident handling processes ensure that threats are found fast and efficiently and are contained and eliminated as soon as possible.

PRIVACY STATEMENT

We not only regard data protection and data safety as a legal requirement, but as a special assignment by our customers, who place high levels of trust in us. We hope that by providing this information, we are able to strengthen your trust in our company.

Do not hesitate to contact us if you have questions regarding data protection and data safety. You can reach our data privacy coordination team at dataprivacy@nts.eu.

Alexander Albler
CEO, NTS Netzwerk Telekom Service AG