Hintbox IT Security & Data Protection
Our whistleblower system meets all IT security and data protection requirements. In particular, through our ISMS and secure Hintbox, all technical, organizational and regulatory requirements of the General Data Protection Regulation and the EU Whistleblower Directive (2019/1937) are fulfilled.
Our IT Security & Privacy Seal
Hintbox is ISO 27001 certified
We have made it our mission to be the safest and easiest whistleblowing system on the market. To do this, we must always pay attention to our certifications.
The Hintbox is regularly checked for security vulnerabilities
At regular intervals, we have the Hintbox checked by professional penetration testers. To ensure the highest level of additional security for our customers.
Last successful penetration test on 19.06.2023.
The protection of your data has the highest priority
Each Hintbox is a self-contained system. With isolated data storage and end-to-end encryption, your data is secure in its own database.
Our security promise
Information Security Management System (ISMS)
We have implemented an ISMS in accordance with the requirements of ISO 27001 to comprehensively ensure the protection of your data. The scope of our ISMS is defined as follows:
"In-house development, deployment and operation of software solutions as a service for use by end customers."
End-to-end encryption
Through our end-to-end encryption, all sensitive information and data, such as trade secrets, are encrypted in our whistleblower system.
This means that the data arrives on our servers already encrypted, so that neither we nor other third parties can read the information at any time.
Regular auditing of the Hintbox by external auditors
The Hintbox is regularly audited positively by external companies. An IT security company performs penetration tests to verify the IT security of the Hintbox. This ensures that the Hintbox and your data are secure.
Ensuring the integrity of the data through revision security
By using the highest and most modern encryption technologies and an audit-proof indexing of data entries and their changes, we also ensure data integrity in the Hintbox.
Ensuring the availability of your data and information
The Hintbox our digital whistleblower system offers you an availability of 99.9% per year.
This ensures the availability of your data and information at all times.
Ensuring anonymity
The Hintbox technically ensures the anonymity of a whistleblower in case of an anonymous report. No IP or MAC addresses, location data or other information that allows conclusions to be drawn about a data subject are stored.
GDPR compliant data processing
Our Hintbox complies with the rules for processing personal data and thus complies with the General Data Protection Regulation. We process the personal data exclusively according to documented instructions and on your behalf as a processor.
Data hosting at an ISO/IEC 27001 certified data center in Germany
All data of our whistleblower system is hosted in Germany in an ISO/IEC 27001 certified data center. There is no data hosting and no data transfer to countries outside the EU.
Implementation of deletion specifications
All personal data in Hintbox can be deleted in accordance with the requirements of the General Data Protection Regulation and the EU Whistleblower Directive. This enables you to actually implement deletion requests and also deletion concepts in a legally compliant manner.
Implementation of an authorization concept
Our Hintbox enables the implementation of an authorization concept. Only individual authorized persons are given access to the messages in the whistleblower system. In this way, you meet the requirements of data protection and ensure the necessary confidentiality.
Ensuring the confidentiality of the data
We offer secure 2-factor authentication to every Hintbox user.
Each customer receives its own separate Hintbox instance, ensuring stringent separation and processing of data.
Help and support
Of course, our customer support will assist you with all IT security and data protection concerns. We support you in the processing of data protection rights of data subjects. We also provide support, for example, in carrying out a data protection impact assessment, and much more.
Would you like a no-obligation consultation or more information about the Hintbox?
Then make an appointment with our experts or call +49 261 988 03 700