Aurora Health GmbH undertakes technical and organizational actions to ensure the protection of personal data. Data entered by doctors or psychotherapists are only stored temporarily in encrypted form on our data servers. The collection and usage takes place exclusively by the user.
Technical and Organizational Measures
Server and database service provider:
The server location is Frankfurt am Main, Germany.
We use Amazon Web Services (AWS). The AWS data centers meet the highest data protection requirements and have been tested with regard to the following standards, among others:
• ISO 27001
• SOC 1, SOC 2/SSAE 16/ISAE 3402 (SAS 70 Type II)
• PCI Level 1
Current information on the AWS security concept can be found at: https://aws.amazon.com/de/region-frankfurt/
The following technical and organizational measures apply to the processing of personal data.
Disclosure control
The modern HTTPS communication protocol encrypts the data packets between server and client.
Order control
The authority to issue directives and responsibilities are clearly defined in an agreement. The access to the dentist data is password-protected. The stored passwords are protected by the hashing method.
Availability control
By regular backups of our provider we protect the data against loss.
Separation rule
The telephone number provided when purchasing the consultancy service is stored in a separate subsystem of the database. Even in the event of unauthorized access to one of the two databases, no connection could be established.
Access control
Access to the stored data is granted with authentication by individual user ID and password. Passwords must comply with our password policy. Access authorizations are granted exclusively by the management and documented in writing. Our systems are protected against unauthorized access by firewalls and anti-virus software. All workstations (PCs, tablets, test devices) are password protected when leaving the workstation.