Compliance & Policy

This document provides an overview of Dataconomy’s security posture, data protection principles, and compliance frameworks. It is intended to assure our clients and partners of our commitment to safeguarding the information entrusted to us.

1. Information Security Policy

Last updated: [05.2025]

Dataconomy takes the security of personal and organizational data seriously. While we are a media publication and do not operate SaaS infrastructure, we apply best practices to safeguard all information under our control.

Our policy is founded on the principle of protecting the confidentiality, integrity, and availability of all data processed by Dataconomy. This includes client data, personal data, and our own proprietary business information.

Key Principles & Controls:

  • Data Minimization: We collect and retain only the data necessary for specified, explicit, and legitimate purposes.
  • Secure Infrastructure: We utilize secure hosting infrastructure with leading, certified providers (e.g., AWS, Hetzner) who are responsible for physical and environmental security.
  • Confidential Information Management: Any non-public information, including technical data, business plans, or client details, is treated as confidential. We ensure such information is used solely for the purpose for which it was shared and is not disclosed without prior written consent, in line with formal confidentiality obligations.
  • Encrypted Communications: All web traffic and data exchange occur over encrypted channels using industry-standard protocols (HTTPS/TLS).
  • Responsible Disclosure: We maintain a responsible disclosure policy to encourage the reporting of security vulnerabilities.
  • Continuous Improvement: We are committed to regularly reviewing and updating our systems and policies to address emerging threats and meet modern security standards.

2. Data Encryption Practices

Last updated: [05.2025]

Dataconomy uses encryption to protect data in transit and at rest:

In Transit:

  • TLS 1.2 or higher is enforced across all our web properties and for all external data transmissions, particularly for pages collecting personal data.
  • Email addresses and contact details are processed using secure forms and transmitted via third-party services that have HTTPS enabled by default.

At Rest:

  • Our hosting providers offer encrypted storage (e.g., AES-256) as a standard feature for databases and stored files.
  • Access to any stored user data (e.g., for newsletters or events) is strictly limited to authorized personnel through secure credentials.

3. Incident Response

Last updated: [05.2025]

Although we process minimal user data, we maintain a basic Incident Response Plan to address data breaches:

Process Overview:

  • Detection & Analysis: Continuous monitoring and logging to detect potential security incidents.
  • Containment, Eradication & Recovery: Upon confirming an incident, immediate steps are taken to contain the impact, eradicate the threat, and restore systems to a secure state.
  • Investigation & Notification: An internal investigation is initiated within 24 hours of confirmation. In the event of a data breach affecting personal data, we will notify affected users and the relevant supervisory authority within 72 hours, as required by GDPR.
  • Cooperation: Should an incident impact a client’s data, we will promptly inform the client and cooperate fully to support their investigation and notification obligations.
  • Post-Incident Review: A root cause analysis is conducted to implement remedial actions and improve our security controls.

Please contact us if you believe your data may have been compromised.

4. Access Control

Last updated: [05.2025]

Dataconomy enforces a strict access control framework based on the principles of least privilege and role-based access control (RBAC).

Practices include:

  • Role-Based Access Control (RBAC): Access to data, tools, and platforms is provisioned based on an individual’s job function and restricted to the minimum necessary to perform their duties.
  • Authentication: Two-factor authentication (2FA) is enforced on all critical systems and platforms that support it.
  • Regular Access Reviews: Access rights are reviewed on a quarterly basis and immediately upon any change in role or employment status to ensure privileges remain appropriate.
  • Training: Staff are regularly trained on secure data access hygiene and their responsibility to protect credentials.
  • Auditing: We maintain audit logs of access to sensitive systems and periodically review them for unauthorized activity.

5. GDPR Compliance

Last updated: [05.2025]

We are fully committed to compliance with the EU General Data Protection Regulation (GDPR) and Germany’s Federal Data Protection Act (BDSG).

Your Rights:

  • You have the right to access, correct, or delete your personal data.
  • You have the right to data portability and the right to object to processing.
  • You have the right to lodge a complaint with a supervisory authority.

Our Commitments:

  • Lawful Processing: We ensure all personal data processing is based on a lawful ground as defined by GDPR.
  • Data Protection by Design & by Default: We integrate data protection principles into our projects and systems from the outset.
  • Subprocessor Management: We have data processing agreements in place with all our subprocessors. We perform due diligence to ensure they provide sufficient guarantees to implement appropriate technical and organizational measures in a GDPR-compliant manner.

Data Controller: Dataconomy Media GmbH
Rheinsberger Str. 76/77, 10115 Berlin
Germany
Contact: Using the form.

We have data processing agreements in place with our subprocessors and regularly review data handling practices.

6. Data Processing Agreement (DPA) Template

Last updated: [05.2025]

We offer a standard Data Processing Agreement (DPA) to clients, partners, and service providers to govern the processing of personal data. Our DPA is designed to meet the requirements of Article 28 of the GDPR.

Key clauses include:

  • Scope and purpose of processing
  • Roles and responsibilities of the controller and processor
  • Technical and organizational security measures
  • Subprocessor management and approval process
  • Data subject rights handling
  • Breach notification and cooperation
  • Audit rights and international data transfer mechanisms

Please email for a copy of our DPA template.

7. Certifications

Last updated: [05.2025]

Dataconomy is not currently ISO 27001 or SOC 2 certified. However, we are committed to maintaining a high standard of security and compliance.

  • We align our internal security framework and controls with the domains of the ISO 27001 standard.
  • We adhere strictly to the requirements of GDPR and BDSG.
  • We maintain comprehensive internal documentation of our security controls and policies.
  • We are committed to the continuous improvement of our trust and compliance posture as our operations evolve.

8. Privacy Policy

Last updated: [05.2025]

Our public-facing Privacy Policy, available at https://dataconomy.com/privacy/, provides transparent information about how we collect, use, and protect personal data. It details the types of data we process, the purposes of processing, the rights of data subjects, and our use of cookies and other technologies. We review and update our Privacy Policy regularly to ensure it remains compliant with applicable laws and reflects our current data handling practices.