Data Ownership, Access & Security

Who is the owner of the data?

The data owner is the customer as the commissioning party (data controller). For processing according to the customer’s specifications, a data processing contract is concluded with fraud0 (data processor).

Does fraud0 use subcontractors for the processing of the data?

For the purpose of hosting, fraud0 uses the cloud server services provided by Google (Google, Alphabet Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States or Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland for users from the EEA and Switzerland).

How does the customer retrieve the data?

Upon request of the customer, a data export can be arranged. In order to do so, the data is exported to Google Buckets (Google Cloud Storage). After verifying if the person is authorized to access the data, a link is generated specifically in order to download this data.

When is the data deleted?

Data is deleted after a retention period of 2 years (latest status). Regardless of this period, a customer can request the deletion of the stored data at any time.

Who has access to the solution/data? By which measures is the access protected?

Access to customer data is managed by customers themselves. In addition, a restricted group of users receives administrative permission from fraud0, e.g. in order to be able to assist with support requests.

How is the data transmitted and which encryption methods are employed?

The data transfer is carried out using HTTPS encryption (TLS 1.3). Data in idle mode is encrypted using AES256, with different codes used for each respective data packet.