This Website collects some Personal Data from its Users.
Personal Data: email
Personal Data: email
Personal Data: Cookies; Usage Data
Personal Data: Cookies; various types of Data as specified in the privacy policy of the service
Personal Data: Usage Data; Trackers
Personal Data: Cookies; Usage Data
Personal Data: Cookies; Usage Data
Personal Data: Cookies; Usage Data
Personal Data: unique device identifiers for advertising (Google Advertiser ID or IDFA, for example); Tracker; various types of Data as specified in the privacy policy of the service
Personal Data: Usage Data; number of Users; session statistics; Trackers
Personal Data: Cookies; Usage Data
Personal Data: Usage Data; Trackers
In addition to any opt-out feature provided by any of the services listed in this document, Users may learn more about how to opt out of interest-based advertising in the dedicated section of the Cookie Policy.
We only collect cookie-based, anonymous data, which only includes generic traffic (like search queries) or traffic generated by our campaigns = 2nd party data. We do not use 1st party data = your data.
For this reason, we only use cookie IDs; we do not have personal-based data. This will change with the new General Data Protection Regulation, which will come into effect on 25 May. From this moment on, cookie data will become personal data. From then on, users have to actively agree to the use of their cookies (this has to happen on your website). From this day forward, we are only permitted to use the data of users who actively gave their opt-in. This data will still be treated as anonymized.
We will do remarketing and prospecting based on the collected cookie IDs. As mentioned, we only use anonymized data.
Definitions
In this document, we use the following defined terms:
"Directive" means Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
" Data" means any personal data which provides to you in connection with the Services.
"EU Data Protection Law" means the Directive or the Regulation depending on which is applicable at the relevant time.
"personal data" means data which relates to a living individual who can be identified from the data, or from the data and other information which is in, or is likely to come into, your possession.
"Regulation" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), and any replacement directive or regulation imposing equivalent obligations.
"Services" means the services that you, the Vendor, provide.
A.
General information
A.1
What is the name, email address and telephone number of the individual responsible for information security and/or data protection lead?
Name: Rene Finsterbusch
Email address: Rene.Finsterbusch@groupm.com
Telephone number: +49 211 9387 3445
Name: Hannes Oenning
Email address: Hannes.Oenning@wpp-germany.de
Telephone number: +49 69 96225 110
A.2
Are you registered with the Information Commissioner's Office (or such other data protection authority) as a data controller under the Data Protection Act 1998?
If yes, please provide your registration number.
If not, please explain why not.
There is no comparable authority in Germany, but we work in compliance with the BDSG (Bundesdatenschutzgesetz), which is basically a blueprint for GDPR.
A.3
Are you certified or accredited under any Information Security Standards or any other security related standard?
If yes, please provide details.
We have global and local security policies following global best practice standards. Furthermore, we are SOX compliant and have regular audits on site. Those audits are performed by an internal audit team as well as by an external party (Deloitte).
A.4
Please describe the type of Data you would be processing on our behalf.
No data is being used. Data that will be processed is created within our facilities.
B.
Security
needs to understand what technical and organisational measures you have in place to protect personal data against accidental or unlawful destruction, or accidental loss, alteration, unauthorised disclosure, access or processing.
B.1
How is Data stored?
Servers within GroupM Data Centers.
B.2
What physical security is implemented at your data centres? (e.g. manned guarding, electronic surveillance, access records)
Electronic access systems with two-factor authentication, video surveillance, alarm systems, access records, accompanied visitor access
B.3
If Data is stored electronically, where will the data backups be held and what physical and electronic security will be used to secure them?
Cross Site Backup between server centers, encrypted backup, backup monitoring
B.4
Please provide details of the security controls in place to keep Data separate from personal data that you hold in relation to your own employees or other customers.
Chinese walls are in place. Approver and review processes are in place.
B.5
Please provide details of the information security procedures you use to protect your systems against vulnerabilities.
Sophos Antivirus is being used. Policies and processes for system and application patch management are in place. External providers, e.g. Proofpoint, are also being used.
B.6
Please provide details of the routine vulnerability scanning you perform, and the system tools that are used.
Sophos Antivirus and Qualys are used. Full scans are planned to happen weekly. Hourly signature updates.
B.7
What anti-virus software do you deploy on your systems? How often are these updated?
Sophos - Full scans are planned to happen weekly. Hourly signature updates.
B.8
What logical measures do you have in place to ensure the security of Data? (e.g. network and system security controls, such as unique system credentials)
Monthly IT controls are in place regarding network and system security.
B.9
Please provide details of any secure encrypted protocols you use to manage servers and network devices.
RDP, SSH, HTTPS
B.10
What type of authentication is required to access servers and network devices, both on-site and remotely? (e.g. encryption, two-factor authentication)
Servers can only be accessed with a dedicated administrative account. Servers are protected using firewalls.
C
Subcontracting
To the extent that you engage subcontractors to provide the services, please explain how you ensure that those subcontractors comply with data protection obligations in respect of Data.
C.1
Do you engage any subcontractors to provide the Services who will have access to the Data?
Yes, IBM is maintaining WPP’s IT Infrastructure.
C.2
If so, is there a contract in place to ensure that any such subcontractor is bound by appropriate data protection and confidentiality obligations?
Yes, WPP is very focused on security, data protection and confidentiality.
D.
Location and transfer
In order to comply with its own obligations under data protection laws, it is important that has a complete picture of where Data is stored, and whether any transfers to other third parties take place.
D.1
Please confirm what country the data / systems which store Data are located in.
Germany (File data, Application, Backup)
Ireland (Office 365/E-Mail)
D.2
Will this location remain the same during possible server outages / system failures or will the system automatically switch to another server located in an alternative location?
Germany does have a primary and a backup datacentre located in Frankfurt (main) and Dusseldorf (backup).
D.3
Do you transfer this data to third parties (including for hosting or storage) or otherwise allow third parties to access this data?
Data used within Office 365 is end-to-end encrypted. Therefore, no access for Microsoft.
D.4
If so:
a) Is there a contract in place with that third party and if so, which group entity signs that contract?
b) Please explain the data flows with reference to the infrastructure.
Yes, WPP holds the contract for Office 365.
Milestone srl - Via Olona 2, 20123 Milano - Italy - VAT No. IT10851750967 - Share Capital 7.000.000,00 € fully paid up - CCIAA: Mi N. - REA: MI-2561840
Owner contact email: info@milestone.it