You ensure the security of your company data. So do we.

You are probably familiar with the following situation: yet another department within your company wants to implement new software. Once again, a new risk arises when you give your highly sensitive company data out of your hands. You may think. We know that your company data is of enormous importance to you. We feel the same way ourselves. That's why we make sure that every user of our software solutions knows that their data is as safe as the apple of their own eye!

Where Is Your Data Located?

When Using the BabtecQ Software

Company-owned database server
The comprehensive QM software BabtecQ as well as its browser-based extension BabtecQ Go use the same business and database servers within your own company. Thus, it is up to you where you store your data.
Concrete coordination for joint project start
Projects with BabtecQ customers are as individual as our customers' existing IT landscape. When you choose BabtecQ, our joint project therefore starts with the topic of data protection, among other things: our data protection team will contact you in a timely manner to coordinate the data protection framework (DSGVO).

When Using the BabtecQube Platform

Use of Microsoft Azure
With BabtecQube, our lean QM software, we rely on the cloud computing platform Microsoft Azure, which is continuously monitored by Microsoft. If potential threats arise, Microsoft, as an international hardware and software developer, responds quickly and competently. Azure's data security complies with EU standards and is extensively certified, including by the C5 catalog of the German Federal Office for Information Security (BSI).
Secure data transmission and storage
Your data is transmitted using proven SSL encryption. In addition, we guarantee compliance with the DSGVO guidelines and secure storage of your data in a data center on European soil.

>1.250 customers

trust in Babtec software

>230 experts

are there for you with their know-how

>30 years

project experience to your advantage

When the Way to the Cloud Makes Sense

Cloud technologies or on-premises software?

Should you rely on cloud technologies or opt for locally installed software? Read our blog article to find out which solution scores best and when.

Read blog article

Further Notes on Data Protection

BabtecQ

The implementation of the comprehensive BabtecQ QM software is highly individual due to its modular structure, interfaces to be connected and integration into the existing IT landscape of your company. We therefore discuss the data protection aspects with you at the beginning of our joint project. Of course, you can contact us at any time if you have individual questions about data protection in BabtecQ in advance.

BabtecQube

For information on data protection in the cloud-based platform BabtecQube, please refer to

the Terms of Use,
the privacy policy and
the order processing agreement (AVV), which you can view directly in the platform during the registration process.

Frequently Asked Questions

What personal data is collected in Babtec's software solutions?

The scope of personal data collected and stored in Babtec's software solutions is generally reduced to the necessary minimum. The personal data collected is only used to perform any tasks that relate to the quality management processes to be mapped with the software. Thus, during the processing of operations, the user who last performed an essential action (e.g., create, change, check, and release) is generally stored.

An exception to this is the "Qualification and Training Management" software module in BabtecQ, in which further personal data is recorded by assessing the qualifications of employees.

It is possible to collect further personal data in our software solutions. This is evident in the case of user administration, in which users can voluntarily enter a profile picture or their professional position, for example.

How does Babtec support the users of the software in complying with the GDPR?

Already during the design and development of our software solutions, proven principles such as "Privacy by Design" and "Privacy by Default" are observed with regard to data protection

Privacy by Design (Art. 25 GDPR): This principle stands for the technical avoidance of the collection of personal data, i.e. it is not necessary to enter and store personal data in order to use the functions of the software (data minimization).
Privacy by Default (Art. 25 GDPR): This principle is closely related to the Privacy by Design principle and concerns the privacy-friendly default settings within the software. They basically follow the purpose of data minimization.

Practical example:
For our BabtecQ software solution, for example, these principles mean that there is no obligation to include a name, photo, and position in the user data in addition to a freely selectable abbreviation. It is up to the customer or user to decide whether and which personal data should be collected.
In addition, new users initially do not receive any authorization to access data in the system. Authorizations are assigned specifically and deliberately by the customer's administrator, depending on the employee's tasks. In this way, BabtecQ's user management prevents unauthorized access to data that requires protection.

How is the right to deletion guaranteed in the software solutions?

According to the GDPR, a person has the right to request the deletion of his or her personal data stored by a company. In addition, companies are obliged to delete data if it is no longer needed for the purposes for which it was collected.

When using BabtecQ
In BabtecQ, a delete function is available for all data records. If the data cannot be deleted due to dependencies on other data records, anonymization using arbitrary characters is also possible. I.e. in BabtecQ the name of a user could be deleted and his abbreviation made unrecognizable if the user is no longer working with the system but this user cannot be deleted because of dependencies to other data (relational databases). Then only the anonymized abbreviation is displayed in all dependent data records.

When using BabtecQube
During registration in BabtecQube, only the necessary personal data is collected (name, e-mail) to enable use of the application. The user is informed about the collection and processing in the terms of use and the data protection conditions as well as the BabtecQube order processing contract and must agree to this. If the deletion or anonymization of data is desired, this can be carried out with the assistance of Babtec Support in the BabtecQube administration.

To what extent does Babtec have access to the data that customers process in the software solutions?

When using BabtecQ
BabtecQ, as an on-premises software, is at all times under the sole access rights of the end customer. Data processing by Babtec only occurs when our employees connect to the (production) database after customer approval and monitoring in order to provide on-site services, customizing and, in the case of support, assistance. This may give our employees access to personal data, but they process this data exclusively in accordance with instructions as order processors.
The Babtec update and support conditions apply. Furthermore, Babtec employees are contractually obligated to observe data protection upon commencement of their employment.

When using BabtecQube
Access by Babtec to the contents stored in the BabtecQube database is limited exclusively to cases authorized by customer release or for error handling purposes. In addition, access in this context is restricted to a defined group of administrators. Furthermore, employees at Babtec are contractually obligated to data protection as soon as they start their employment.

Under what circumstances is it necessary to conclude an AV contract between Babtec and us as the customer?

When using BabtecQ
If the confidentiality clause is not sufficient for you, there is the possibility of concluding an order processing agreement between Babtec and you as the customer.

When using BabtecQube
In principle, the use of BabtecQube requires consent to the corresponding order processing agreement (AVV). This can be viewed directly in the platform during the registration process.