Data Processing Agreement (DPA) to the TIS WEB Services contract

This DPA stipulates the legal obligations of the Parties regarding data protection resulting from the processing of personal information related to the TIS WEB Services Contract (hereinafter also referred to as “Main Contract”). The DPA applies to all activities associated with the Main Contract during which employees of Continental Automotive Trading UK Ltd and/or third parties subcontracted by Continental Automotive Trading UK Ltd have access to personal data provided by the Client.

ATTACHMENT 1: Technical and organizational measures for contract data processing

The measures are defined in the approved Binding Corporate Rules of the Continental Corporation and are implemented based on the existing IT security guidelines.

Specific measures regarding this data processing agreement can be found in the points below.

With the respective subcontractors, the adequate measures for data processing are specified in a separate contract.

Physical Access Control

Safeguarding admission/access to processing systems with which processing is carried out against unauthorized parties (e.g. through physical property protection: fence, gatekeeper, personnel barrier, turnstile, door with card reader, camera surveillance, organizational property security, regulation on access authorizations, access registration)

The following technical and organizational measures have been implemented by Continental Automotive Trading UK Ltd for the collection, processing or use of personal information described in the DPA:

  • Alarm system
  • Automatic access control system
  • Locking system with code lock
  • Biometric access barriers
  • Light barriers/motion sensors
  • Manual locking system including key regulation (key book, key issue)
  • Visitor logging
  • Careful selection of security staff
  • Chip cards/transponder locking systems
  • Video monitoring of access doors
  • Safety locks
  • Personnel screening by gatekeeper/reception
  • Careful selection of cleaning staff
  • Obligation to wear employee/guest ID cards
  • Miscellaneous:

Data Access Control/User Control

Prevention of third parties using automatic processing systems with equipment for data transmission (authentication with user and password).

The following technical and organizational measures have been implemented by Continental Automotive Trading UK Ltd for the collection, processing or use of personal information described in the DPA:

  • Authentication with user name/password (passwords assigned based on the valid password regulations)
  • Usage of intrusion detection systems
  • Usage of anti-virus software
  • Usage of a software firewall
  • Creation of user profiles
  • Assignment of user profiles to IT systems
  • Usage of VPN technology
  • Encryption of mobile data storage media
  • Encryption of data storage media in laptops
  • Usage of central smartphone administration software (e.g. for the external erasure of data)
  • Miscellaneous:

Data Usage Control/Data Storage Media Control/Memory Control

Prevention of unauthorized reading, copying, changing or erasure of data storage media (data storage media control), prevention of unauthorized entry of personal information and unauthorized access to it, changing and deleting saved personal information (memory control). Ensuring that the parties authorized to use an automated processing system only have access to the personal information appropriate for their access authorization (e.g. through authorization concepts, passwords, regulations for leaving the company and for moving employees to other departments) (data usage control).

The following technical and organizational measures have been implemented by Continental Automotive Trading UK Ltd for the collection, processing or use of personal information described in the DPA:

  • Roles and authorizations based on a “need to know principle”
  • Number of administrators reduced to only the “essentials”
  • Logging of access to applications, in particular the entry, change and erasure of data
  • Physical erasure of data storage media before reuse
  • Use of shredders or service providers
  • Administration of rights by defined system administrators
  • Password guidelines, incl. password length and changing passwords
  • Secure storage of data storage media
  • Proper destruction of data storage media (DIN 32757)
  • Logging of destruction
  • Miscellaneous:

Transfer Control/Transportation Control

Ensuring that the confidentiality and integrity of data is protected during the transfer of personal information and the transportation of data storage media (e.g. through powerful encryption of data transmissions, closed envelopes used in mailings, encrypted saving on data storage media).

The following technical and organizational measures have been implemented by Continental Automotive Trading UK Ltd for the collection, processing or use of personal information described in the DPA:

  • Establishment of dedicated lines or VPN tunnels
  • Encrypted data transmission on the Internet (such as HTTPS, SFTP, etc.)
  • E-mail encryption
  • Documentation of the recipients of data and time frames of planned transmission or agreed erasure deadlines
  • In case of physical transportation: careful selection of transportation personnel and vehicles
  • Transmission of data in an anonymized or pseudonymized form
  • In case of physical transportation: secure containers/packaging
  • Miscellaneous:

Entry Control/Transmission Control

Ensuring that it is possible to subsequently review and establish which personal information has been entered or changed at what time and by whom in automated processing systems, for instance through logging (entry control).

Depending on the system, ensuring that it is possible to review and determine to which offices/locations personal information has been transmitted or provided using equipment for data transmission, or to which offices/locations it could be transmitted (transmission control).

The following technical and organizational measures have been implemented by Continental Automotive Trading UK Ltd for the collection, processing or use of personal information described in the DPA:

  • Logging of the entry, change and erasure of data
  • Traceability of the entry, change and erasure of data through unique user names (not user groups)
  • Assignment of rights for the entry, change and erasure of data based on an authorization concept
  • Creating an overview showing which data can be entered, changed and deleted with which applications
  • Maintaining forms from which data is taken over in automated processing
  • Miscellaneous:

Availability Control/Restoration/Reliability/Data Integrity

Ensuring that systems used can be restored in case of a disruption (restorability). Ensuring that all system functions are available and that any malfunctions are reported (reliability). Ensuring that saved personal information cannot be damaged through system malfunctions (data integrity). Ensuring that personal data is protected from accidental destruction or loss (availability control), e.g. by implementing appropriate backup and disaster recovery concepts.

The following technical and organizational measures have been implemented by Continental Automotive Trading UK Ltd for the collection, processing or use of personal information described in the DPA:

  • Uninterruptible Power Supply (UPS)
  • Devices for monitoring temperature and moisture in server rooms
  • Fire and smoke detector systems
  • Alarms for unauthorized access to server rooms
  • Tests of data restorability
  • Storing data back-ups in a separate and secure location
  • In flood zones: server rooms above the high water level
  • Air conditioning units in server rooms
  • Protected outlet strips in server rooms
  • Fire extinguishers in server rooms
  • Creating a back-up and recovery concept
  • Creating an emergency plan
  • Miscellaneous:

Separation Control / Separability

Ensuring that data collected for different purposes can be processed separately (for instance through logical separation of customer data, specialized access controls (authorization concept), separating testing and production data).

The following technical and organizational measures have been implemented by Continental Automotive Trading UK Ltd for the collection, processing or use of personal information described in the DPA:

  • Physically separated storing on separate systems or data storage media
  • Including purpose attributions/data fields in data sets
  • Establishing database rights
  • Logical client separation (software-based)
  • For pseudonymized data: separation of mapping file and storage on a separate, secured IT system
  • Separation of production and testing systems
  • Miscellaneous:

Subcontractors

If subcontractors are hired (for instance for hosting, providing computing center space, operating software used to process personal information, etc.) for the collection, processing or use of personal information described by Continental Automotive Trading UK Ltd, the implementation of technical and organizational measures by the respective subcontractor must be regulated through appropriate contract data processing agreements.

The following subcontractors have been hired:

Name of the subcontractor: Continental Automotive GmbH, Vahrenwalder Straße 9, 30165 Hannover (Support)
Name of the subcontractor: SYZYGY Deutschland GmbH, Im Atzelnest 3, 61352 Bad Homburg (Hosting-Services)
Name of the subcontractor: Astrata Europe B.V., High Tech Campus 32, 5656 AE Eindhoven, Niederlande (Cloud-/Hosting-Services)
Name of the subcontractor: Atos India Pvt. Ltd, Tower-B, 10th floor, HCC 247 Park, Hincon House, Lal Bahadur Shastri Marg, Vikhroli West, Mumbai 400083, India (Support and Maintenance)
Name of the subcontractor: MiX Telematics International (Pty) Limited, Blaauwklip Office Park 2, Corner of Strand & Webersvalley Road, Stellenbosch, 7600 South Africa (RTM Download)
Name of the subcontractor: Com-a-tec GmbH, Am Krebsgraben 15, 78048 Villingen-Schwenningen, Germany (Support)
