Information on data protection and data security
DyRiAS is a web-based software that can be accessed via an encrypted website and is password protected. Your data is saved on a web server in Germany that is subject to German data protection laws and security standards. Access is only granted to authorized persons. High security standards ensure that your data is scrupulously protected against deletion, interference or unauthorized access.
The security settings of the server correspond to those of a web hosting server. Data is securely transmitted via SSL as supported by your web browser, whereby a 2048 bit key is used which is more complex than the average 1024 bit key. This means that even if the data transmission was intercepted, it is not possible to read the information that was forwarded to the server.
DyRiAS administrators have no access to user data.
With the grant of a license a user name is generated which contains the following information: First and last name, email address. We do not generate statistics on our users, i.e. the administrators have no information on the number of times an account is accessed by a DyRiAS user or his or her geographical location (principles of data economy and data avoidance according to §3a BDSG [Federal Data Protection Act]).
Loss of password
It is the responsibility of every user to securely handle his or her password. This contributes to the protection against unauthorized access to data. Only the superadmin is authorized to reset a user’s password should this have been lost and access to the system be denied.
Data secrecy (§5 BDSG [Federal Data Protection Act]) continues after termination of a contract.
Export / import of case files
Exported case files are encrypted and stored as a ‘.dyrias’ file. These files can only be opened in the DyRiAS application. Unauthorized parties have no access to information in this file.
Supplementary protection through anonymous files
In order to protect the personal rights of individuals featuring in a case that is entered into DyRiAS, it is recommended to create anonymous files, e.g. by avoiding clear names (such as ‘Peter Smith – grade 9c’) and information that can be traced back to specific individuals (better: ‘Case file 3 PS’ or a random code). Apart from clear names, naming a specific school or geographical location should also be avoided.
Sharing of personalized data with third parties
The data of our users is treated as confidential and is not shared with third parties. Case data is available only to the DyRiAS user. No information concerning our clients or provided by our clients is shared with third parties.
Case information provided by our users is not statistically evaluated. The algorithm underlying the risk assessment is based solely on cases that were selected and scientifically reviewed by IPBm according to specific criteria. Case information supplied by DyRiAS users is of no relevance for the further development of the algorithm or other uses. We have no access to case data entered by our users.
Your data is protected from loss by specific security measures. The data of the web server and the database server is secured in two separate steps. They are saved on a daily basis with a supplementary encryption on web hosting servers so that your data is protected from loss in the case of server failure. In addition, your data is stored in fire protection centers that conform to the highest security standards. Security checks and security personnel make sure your data is protected from all physical damage.
A back-up is supplied for the last 7 days of the current month. Also, you can export DyRiAS case files and save them on your own server. In this way, your data is protected against loss, fire, server failure or physical tampering in the server room.
Measures taken by the user
If you wish, you can take further steps to make your computer more secure. The following measures are recommended:
- Use a secure password
- Protect your computer against harmful software such as viruses, malware or Trojans
- Regularly update your system software and data protection software