Folio Cloud Logo
Home Support Data Security

Characteristics Data Security

(August 18, 2011)

The protection of your personal data and the protection of documents you store in Fabasoft Folio Cloud is of paramount importance to Fabasoft.

This data protection statement supplements the Fabasoft Folio Cloud General Terms and Conditions (GTC).

This data protection statement provides information about what data is collected, how Fabasoft Folio Cloud processes your data and how you can exchange this data with other users.

1. Data Protection Issues in accordance with the GTC

In accordance with this Contract, Fabasoft shall be obliged to prevent data, information or materials provided by the Customer in the context of its use of Fabasoft Folio Cloud services from being accessed, pursuant to the GTC, by any person other than Fabasoft itself, and shall be prohibited from using such data.

Full details of the GTC can be found at http://www.foliocloud.com/folio-cloud-terms-and-conditions.html.

2. Data Protection Obligation arising from ISO 27001 Certification

Fabasoft is subject to the data protection obligations set out in ISO 27001, in particular, in the context of data center operations, in respect of the Fabasoft Folio Cloud data center. This also includes emergency and recovery plans and corresponding tests.

More details are available at http://www.foliocloud.com/datacenter_en.html.

3. Data Protection Obligations Arising from an SAS70 Type II test procedure

Fabasoft has tested Fabasoft Folio Cloud operation in accordance with SAS70 Type II. Consequently, Fabasoft has certified the exact design and effectiveness of the internal control system in compliance with the auditing standard of the American Institute of Certified Public Accounts (AICPA).

More details are available at http://www.foliocloud.com/datacenter_en.html.

4. Information provided during Registration

In order for the services to be used, Fabasoft Folio Cloud needs to collect specific personal information from you when you register and to process this information. This information is as follows:

  • Email address (same as future login name)
  • First name
  • Last name
  • Country

Once your registration information has been collected, an email will be sent to the email address given asking you to enter a password for this login name.

The password you select will not be saved and will therefore not be visible to operations management in the data protection center or to other Fabasoft Folio Cloud users. Consequently, only you will be able to login to Fabasoft Folio Cloud using the email address and password you have provided.

After you have logged in for the first time, depending on the edition, further login procedures such as OpenID or, as two factor authentication, mobile PIN with SMS or using Fabasoft Motoky can be selected. Please note that cell phone number or iPhone/iPad registration is required for this.

5. Optional User Information

Fabasoft Folio Cloud will create your user profile from the information provided when you first register, which you can edit at any time via the ‘Account’ interface under ‘My Contact Information’. The following other optional entries are also possible here:

  • Photo
  • Title
  • Post Title
  • Middle Initial
  • Sex
  • Salutation
  • Date of birth
  • Organization
  • Function in Organization
  • E-Mail Domain
  • OpenID
  • A list of Mailing Addresses
  • A list of Telephone Numbers
  • A list of E-Mail Addresses
  • User’s Web Site Address

In the case of contacts, the following information will be added by Fabasoft Folio Cloud (cannot be changed):

  • Registered
  • Created by
  • Created on/at
  • Last Changed by
  • Last Changed on/at

Entries

  • Date of birth
  • A list of Mailing Addresses
  • A list of Telephone Numbers
  • A list of E-Mail Addresses
  • User’s Website Address

are only accessible to Fabasoft Folio Cloud users who

  • you explicitly invite to collaborate.
  • you store in your list of contacts.
  • are already aware of this information.

6. Registering your Contacts

Fabasoft Folio Cloud offers you the option in the ‘Contacts’ section of the portal on your Fabasoft Folio Cloud desktop. It allows you to enter other people as contacts, create teams from this, and invite these contacts to collaborate in your teams.

The following information can be entered when creating a contact:

  • E-Mail Address (must be provided, same as the unique contact identifier)
  • First Name (must be provided)
  • Last Name (must be provided)
  • Middle Initial
  • Photo
  • Title
  • Post Title
  • Sex
  • Date of Birth
  • Language
  • Salutation
  • Organization
  • Function in organization
  • E-Mail domain
  • Contact’s Web Site Address

In the case of contacts, the following information will be added by Fabasoft Folio Cloud (cannot be changed):

  • Status
  • Registered
  • Created by
  • Created on/at
  • Last Changed by
  • Last Changed on/at

Contacts, which you create on your Fabasoft Folio Cloud desktop, are, in principle, only accessible to you and are not available to other Fabasoft Folio Cloud users.

The respective contacts will not be known to each other until you create a team with these contacts or invite them to collaborate.

The contact details of all Fabasoft Folio Cloud users in a Team Room will therefore be visible to all the other users in the room.

7. Fabasoft Folio Cloud Plug-in for Web Browsers

In order to make full use of Fabasoft Folio Cloud functionality, you must install the Fabasoft Folio Cloud plug-in for your web browser.

This will allow seamless integration into the operating system and for third party applications on a Fabasoft Folio Cloud user’s end device. For example, it will be possible to import documents from the desktop environment of the end device onto the Fabasoft Folio Cloud desktop using drag & drop.

On login, the plug-in will detect your work station identifier. This is the computer name and Mac address. This data will be saved under ‘Account - Account Activity’ and allows you to check when and where you have logged in. The welcome screen will also show the work station on which your Fabasoft Folio Cloud user account was last used.

No further data will be collected by the plug-in. Clicking on the support interface will generate a support query which you can send along with a screenshot and system information.

8. Access to Team Rooms

You are the owner of each Team Room you create on your desktop. Other Fabasoft Folio Cloud users cannot access these rooms unless you expressly and knowingly invite them to collaborate and add them to the list of authorized users.

You have the option to grant read, editing, or administrator rights to each user in your Team Room and you alone decide who receives what rights.

You can also make access to Team Rooms public. In this case, any Fabasoft Folio Cloud registered user will be able to find such team rooms and read the documents stored there (optionally) via the search functions.

If documents are stored in a Team Room, access authorization to these documents will be based on access authorization to the respective Team Room. The Team Room owner thus has control over all the documents stored in his/her Team Room.

9. Access to Objects on your Desktop

Other Fabasoft Folio Cloud users have no access per se to objects you have stored on your Fabasoft Folio Cloud desktop unless they have express authorization or are assigned to a Team Room.

10. Searching for Contacts

You have the option to search for names of other users and invite them to collaborate. You will not receive a full email address in the search results, but a name, email domain and, if provided, the organization.

11. Searching for Documents

You have the option to search for your documents in Fabasoft Folio Cloud. However, generally and without exception, you will only find documents you are authorized to access.

Conversely, other Fabasoft Folio Cloud users will only be able find documents belonging to you if you have previously actively authorized them to do so.

Any Fabasoft Folio Cloud user will be able to access documents in public team rooms.

12. Traceability and Auditing

In terms of Trusted Cloud Collaboration, Fabasoft Folio Cloud ensures the secure, reliable, and traceable collection and storage of information and documents which arise in the context of team collaboration.

The following auditing information is collected by Fabasoft Folio Cloud in the context of traceability:

  • Access to documents (read and write authorizations)
  • Change to metadata

This audit information allows activities to be traced within the context of team collaboration and is only available to team members for evaluations in the Fabasoft Folio Cloud leggero edition or higher.

13. Secure Communication

For your security, communication between the web browser used by a Fabasoft Folio Cloud user on his or her end device and the Fabasoft Folio Cloud services is encrypted. Connections are made on the basis of the ‘Secure http’ TLS standard. A secure connection is identifiable through a closed lock symbol in the browser.

14. Encryption of Information and Documents in the Data Center

Fabasoft Folio Cloud primo stores information and documents in the data center in unencrypted format.

However, Fabasoft Folio Cloud primo users have the option to encrypt certain documents using an encryption tool that is available and familiar to them. They can also store these documents in encrypted format on the Fabasoft Folio Cloud desktop or in a Fabasoft Folio Cloud Team Room (e.g. as a password-protected zip file) These Fabasoft Folio Cloud users must, however, ensure that these documents can be unencrypted by the users themselves and by authorized team members for the duration of the storage of these documents in Fabasoft Folio Cloud.

15. Operations Log

Our servers automatically record all requests. A typical web server entry contains

  • an IP address (Internet Protocol Address)
  • Date and time
  • URL requested
  • Browser type
  • Cookie
  • Language

The application log still records the precise duration of user activity. This information is used exclusively by operations management for the constant improvement of our services.

After 14 days, the detailed data is summarized and presented as a statistic.

16. Which data is processed by Fabasoft

After you have logged in (with user name and password) Fabasoft Folio Cloud services use ‘Session Cookies’ which can identify you during your visit. These ‘Session Cookies’ contain elements of your login data in encrypted format. Session Cookies expire automatically at the end of the respective session. Please note that Fabasoft Folio Cloud services cannot be used if cookies are blocked.

Cookies are small files that allow us to store specific information about you (the user), your PC, or another end device.

Fabasoft Folio Cloud services use ‘permanent cookies’ to obtain information about users who repeatedly access Fabasoft Folio Cloud services. The reason why we use these permanent cookies is so that we can constantly improve our products and services and make them easier for you to use. We do not create individual profiles of your usage behavior. You can deactivate the storage of cookies in your browser, limit to specific websites, or adjust your browser settings so that you receive a message as soon as a cookie is sent. You can also delete cookies from your computer’s hard drive at any time.

A newsletter will automatically be sent to your email address, which you can cancel at any time.

17. Passing Information on to a Third Party

Fabasoft shall not make your data available to a third party, except in the event of a statutory obligation or if you make such a request. This will be the case, for example, when sending an invitation to a Team Room or when purchasing a Cloud App.

18. Rights to Information and Cancelation Rights

You may, depending on the respective authorization of your identity, obtain information about your personal data stored by us. You may arrange for data collected by us to be blocked, amended, or deleted at any time, provided that you are not able to block, amend, or delete this yourself. Please write to the address given in the legal notice in this case. Please do not hesitate to contact us if you have any further questions regarding our data protection information or the processing of your personal details.

Please note that data protection provisions and data protection management may change on an ongoing basis. It is therefore advisable and essential that you routinely identify any changes to statutory provisions and company practices.

19. Availability of Data Protection Provisions

You can view the data protection provisions as a PDF file at http://www.fabasoft.com/datasecurity.html at any time and print these out.


Data Security Concept and Data Protection regulations

18.08.11PDF | 662 kB
18.08.11 PDF | 637 kB