Hogrefe ensures the security of customer data through the latest technologies and in accordance with the requirements of the EU General Data Protection Regulation (GDPR).
The principle that "the best data protection is to avoid data worthy of protection" has been implemented within the Hogrefe Testsystem (HTS 4 and HTS 5). It is not essential to record personal data in the system, only age and gender are necessary for certain tests (and this data alone cannot be used to identify a person). The identification of a person (by the diagnostician) may be done via an individual code (e.g., a number in a separate spreadsheet) in order that results may be linked back to individuals outside the HTS system.
It is the responsibility of the diagnostician to obtain consent for the collection and storage of data that could be used to identify an individual (e.g. name, date of birth and address) if that data is going to be collected and used during the diagnostic process.
Data on the servers will not be deleted automatically: This must be done by the diagnostician.
The data is automatically archived in a backup system in order to be able to recover it in the event of a disaster. Hogrefe recommends archiving test results on paper or electronically in order to show GDPR compliance.
Special emphasis is placed on the confidentiality of personal information and compliance with applicable privacy policies. Personal information stored in the Hogrefe Test System will only be processed according to the guidelines listed here.
The connections between client (online portal administration station) and server (hogrefe-online.com) on the one hand, as well as client (test area) and server (hogrefe-online.com) on the other hand, are made exclusively via encrypted SSL connections.
To ensure the accuracy and security of personal information and to prevent unauthorised access or misuse, modern safeguard procedures are used. These include:
The administration space (online portal) is secured by its own user administration, which ensures that only the data managed by a specific user can be viewed by that user. The Hogrefe support team cannot view personal data without the prior consent of the customer (password change).
The Hogrefe Testsystem fulfils the data protection requirements of the GDPR, complying with the principles of "privacy by design" and "privacy by default" outlined in Article 25 of the GDPR. As a result, the system may be used without the collection of personal data.
All HTS-related processing activities and internal processes are documented and regularly reviewed. These records of data processing also assist diagnosticians in the fulfilment of their data protection obligations outlined in Article 30 of the GDPR.
All employees have been familiarised with the requirements of the GDPR and are committed to confidentiality.
To protect data from loss, damage, unauthorised access and misuse, the Hogrefe online portal is hosted in a data center and uses a fail-safe data link. Organisational measures include:
Upon request, Hogrefe will provide customers with a complete list of technical and organisational measures with regard to the provisions of the GDPR and other regulations relating to data protection (in accordance with Article 32 of the GDPR).
Please note that test protection is included in data protection and neither the items within a test nor the results should be made public.
Professional testing procedures should be used when administering tests, whether they are written tests (paper and pencil) or online tests. Tests should be administered under controlled conditions, which includes verification of the identity of the test-taker, supervision of the test procedure (by a trusted representative if the test is being held remotely) and prevention of unauthorised aids and communication.