Data Security & Privacy

The security of your data is our top priority. That’s why we use the latest security technologies and have continuously optimized all safety-themed processes.

100 % GDPR compliant

The LOLYO employee app is 100 % GDPR compliant. We take all measures to ensure the security of processing in accordance with Art 32 GDPR. All data processing activities are carried out exclusively within the EU or the EEA.

Architecture

LOLYO’s system architecture is designed to minimize security risks. Access to the software from Outside is restricted to the required systems only.

Encryption of data

All traffic is encrypted with SSL (protocol TLS 1.2). The key length is 2048 bit (SHA256withRSA). All passwords are hashed using the PBKDF2 method (with HMAC-SHA256, a 128-bit salt and a 256-bit subkey). This makes it impossible to extract passwords.

Data center in Germany

As part of lolYO’s service provision, the services of a data center are rented. The headquarters and location of this data center is in Germany. The data center provides only the infrastructure and does not have access to the data. The Microsoft Azure Cloud data center provides state-of-the-art security standards and 24/7 emergency support. The data center is secured as follows: access via access chip/card, alarm system secured, security service on site, smoke detector/fire alarm system, smoke extraction system, water detector as well as redundant Internet connection and DDoS protection.

System access/access

Access to the production system is limited to our core development team, which is responsible for maintenance, updates and troubleshooting.

Backups & Recovery

We perform daily backups for all relevant systems and databases. These backups are stored encrypted.

Confidentiality agreement

Our employees have signed a confidentiality agreement and are constantly trained and sensitized on the subject of security and data protection.

Commissioned data processing agreement

More detailed information on data protection and data security can be found in our data processing agreement (technical and organizational measures, etc.).

 

Microsoft Azure Cloud

Technical details about hosting on Microsoft Azure, data center in Germany

Hosting

With hosting on Microsoft Azure Cloud, you benefit from higher availability and even higher security standards.

Security

  • Transport paths (VM-DB) encrypted throughout TLS 1.2
  • Real-time encryption of databases, associated backup and transaction logs (AES256)
  • VM data is AES-256 encrypted & FIPS 140-2 compliant.
  • Daily backups of the VM (disaster recovery)
  • Just-in-time backups of the database (7 days)

Compliance

CIS Benchmark, CSA-STAR attestation, CSA-STAR certification, CSA-STAR self assessment, ISO 20000-1:2011, ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 27701, ISO 9001, SOC, WCAG, Especially for Germany, IT Baseline Protection Workbook, IDW PS 951, TISAX, C5

Availability

  • Better availability of LOLYO through the SLA
  • Virtual Machine 99,9%
  • Managed Database 99,99%

GDPR Cookie Consent with Real Cookie Banner