White Paper Data Security and Privacy Compliance

  1. Data Security and Privacy Compliance
  2. Analyzed Data
  3. User Data
  4. High Security Data Centers
  5. Sub-Processors in Germany
  6. Data Security
  7. Employees
  8. Data Portability
  9. CCPA
  10. Further Questions

Data Security and Privacy Compliance

ATLAS.ti enables the world’s leading universities and companies to analyze their data and turn it into qualitive insights. As we process millions of valuable and sensitive data points on a daily basis, we take data security and privacy compliance very seriously and attach utmost importance to safeguarding the personal data we process on behalf of our clients.

ATLAS.ti implemented a comprehensive information security and data protection management system to ensure both the security of the data processed with ATLAS.ti Web and full compliance with all relevant privacy laws and regulations, including GDPR, CCPA, HIPAA and LGPD.

Analyzed Data

With ATLAS.ti the users can analyze almost any kind of data, including personal data. Such data is processed by ATLAS.ti as a data processor, on instruction of our clients. Such data processing by ATLAS.ti is subject to our Data Processing Agreement (in accordance with Art. 28 GDPR).

User Data

Users of ATLAS.ti Web provide personal data (like their name and email address) to create an account and to use ATLAS.ti Web. This user data is processed by ATLAS.ti as controller to provide our software and services to our clients. The processing of user data is described in our Privacy Policy. Such data may be processed outside of the EU, based on appropriate safeguards (EU Standard Contractual Clauses).

High Security Data Centers

All data that is handled and processed through ATLAS.ti Web is fully secured against unauthorized access. All data is fully encrypted, managed and stored by SOC-compliant data center providers with all relevant ISOI certifications, including, but not limited to, ISO 27001 and ISO 27018.

Hosting in Germany

ATLAS.ti Web is hosted with Amazon Web Services in Germany. The data processed via ATLAS.ti Web by ATLAS.ti as a data processor is processed in the EU only, no data is transferred to third countries outside of the EU.

Sub-Processors in Germany

We are using an external service provider, based in Germany, for support and maintenance of ATLAS.ti Web. In addition, we are using another external service provider, also based in Germany, for hosting and operation of ATLAS.ti Web. The hosting and operations service provider uses the Amazon Web Services data center region Germany (Frankfurt) as hosting provider.

Data Security

ATLAS.ti implemented industry-standard intrusion prevention and detection systems and data loss prevention systems to ensure the security of the data processed with ATLAS.ti Web.

ATLAS.ti implemented a comprehensive framework of security policies, including password requirements, a detailed backup policy and regularly tested business continuity processes.

ATLAS.ti implemented a role-based authorization concept on a strict “need to know” basis that ensures that employees receive access rights to applications and data depending on their respective area of responsibility and, if necessary, on a project basis.

All IT systems used by ATLAS.ti for our clients are multi-client capable. The logical assignment of the data processed on behalf of a customer to the respective client and thus the logical separation of the data is always ensured.

Please find a detailed overview of the technical and organizational measures of data security we implemented in our Data Processing Agreement.

Employees

All ATLAS.ti employees are regularly trained on data protection topics. All employees are obliged to handle personal data confidentially.

Data Portability

Every client can download/export all data processed via ATLAS.ti Web at any time. At the end of the contract, we will ask you to download/export all data and will, after a certain grace period, delete the system and all data.

CCPA

ATLAS.ti does not sell any personal information, we only process our client’s data to provide our software and services and we don’t use our client’s data for any other purposes than to provide our software and services, as described in our Terms & Conditions, our Data Processing Agreement and our Privacy Policy.

Further Questions

For any further questions, please reach out to our data protection officer, Rechtsanwalt Christian Schmoll, at [email protected].