Security and compliance you can verify
Trust is earned with evidence. This is where we document exactly how Pescheck protects candidate and customer data, the certifications we hold, and the controls behind our background-screening platform. Everything here is open for your security and procurement teams to review.
Dokumentation zuletzt geprüft 1. Juli 2026
Überblick
Willkommen im Trust Center von Pescheck. Unser Engagement für Datenschutz und Sicherheit ist in jedem Teil unseres Unternehmens verankert. Nutzen Sie diese Seite, um unsere Security-Posture einzusehen und auf unsere Sicherheitsdokumentation zuzugreifen.
Unabhängige Sicherheitsbewertungen
Prüfen Sie es selbst, die Links starten einen externen Live-Scan.
Risikoprofil
- Data access level
- Restricted
- Impact level
- Substantial
- Recovery time objective
- 24-48 hours
Unsere Maßnahmen, transparent
Jede Maßnahme, die wir betreiben, mit aktuellem Status, über 15 Domänen hinweg. 62 insgesamt, nichts verborgen.
Keine Treffer. Versuchen Sie einen anderen Begriff.
Product Security
8Security built into the platform itself, from access controls to audit trails.
-
Audit Logging
Our product logs all user activity to enable easy auditing of usage patterns.
-
Data Security
We have implemented several measures to ensure that your data remains safe and protected. Here are some of the security features and policies we have in place: - Multi-Factor Authentication (MFA) - Password Policies - Customer-Specific Data Retention Policies
-
Integrations
We use webhooks to facilitate seamless integrations with various third-party services, making our platform even more versatile. Webhooks are an essential part of our integration strategy. They enable real-time communication between our SaaS application and external services, allowing data to flow bi-directionally. This means that when specific events occur within our platform, such as user actions or updates, we can automatically trigger actions in external services or vice versa.
-
Multi-Factor Authentication
As part of our commitment to safeguarding valuable assets and ensuring the highest level of security within our organization, we have a mandatory implementation of Two-Factor Authentication (2FA) for all employee accounts. It is a requirement for all employees to enable and utilize 2FA (if possible) when accessing our internal systems, applications, and services. This additional layer of security is crucial in mitigating the risk of unauthorized access, protecting sensitive information, and preserving the integrity of our digital infrastructure.
-
Product Architecture
Hardware and Services: Kubernetes Cluster: We run containerized applications with DigitalOcean Kubernetes (DOKS), a managed service that allows us to conveniently run and manage Kubernetes clusters. Managed Databases: We use DigitalOcean Managed Databases that provide support for PostgreSQL and Redis, enabling us to focus on our applications while letting DigitalOcean handle database management tasks. Object Storage: For hosting assets and files, we utilize Amazon S3 from AWS, a scalable object storage service known for data archiving, backup and recovery, and more. Private Networking: On DigitalOcean, we make use of the VPC service for secure, private networking, which helps to isolate our resources and traffic, further securing our data. Other Features: Terraform Provider: DigitalOcean offers a mature Terraform provider, allowing us to manage our infrastructure efficiently. Data Centers in Central Europe: With DigitalOcean, we have access to data centers in Frankfurt and Amsterdam, located in central Europe. High Availability/Distributed Database: Our setup supports high availability with DigitalOcean's Managed Databases. They can be deployed with standby nodes across different data centers for failover support.
-
Role-Based Access Control
We use Role-Based Access Control (RBAC) to enhance the security of our systems and protect your data. While we have integrated RBAC into many areas, it's important to note that full implementation is an ongoing process. Rest assured, we have other robust security measures in place to safeguard your information. Our team is actively working to extend RBAC across all systems for comprehensive protection.
-
Service-Level Agreement
We offer a Service Level Agreement for our product. More information can be provided upon request.
-
Team Management
Our product supports team management capabilities to help administrators manage user needs and permissions.
Data Security
6How candidate and customer data is protected, encrypted, and recovered.
-
Access Monitoring
The following systems contain and need to be reviewed for their user rights: - The Network of Pescheck (Unifi, The specific members are registered and deregistered in Unifi by the CTO.) - The Dashboard (The specific members are registered and deregistered in Microsoft Entra ID (before known as Azure AD) by the CTO) - Sharepoint (The specific members are registered and deregistered in Microsoft Entra ID (before known as Azure AD) by the CTO.) - 1 Password (Password system, The specific members are registered and deregistered in 1Password by the CTO.)* - Hardware (Automatically synchronized with Microsoft Entra ID, the specific members are registered and deregistered in Microsoft Entra ID by the CTO.).
-
Data Backups
We ensure that data is backed up across multiple locations and can be retrieved within our recovery time objective if a failure does occur. Primary data centers are located in Amsterdam, the Netherlands / Frankfurt, Germany (back-up)/ Paris, France (back-up).
-
Data Erasure
We provide a service option to delete customer data upon request and will ensure that the data is erased within a set timeframe of two years. Hardware: The deletion of data happens when the hardware is no longer functioning. Or the hardware is not functioning for all of our internal users within PESCHECK. Then the CTO within the company will remove the hard disks from the laptops. After removing from the device he will totally erase them with the following tools: Scrub Wipe Shred DD We are following this article for overwriting hard disks with the new standards: https://www.blancco.com/resources/blog-many-overwriting-rounds-required-erase-hard-disk/ So, how many times should you overwrite a hard disk for complete data erasure? The answer: One pass is enough. To make sure there is no data left to recover. The hard disk will be checked afterwards if it contains any data.
-
Encryption-at-rest
We have chosen to store our sensitive data in secure S3 buckets provided by Amazon Web Services (AWS). We have opted for AES 256-bit encryption, known as one of the most secure encryption methods available. Our data is distributed across two AWS regions to ensure redundancy and availability. We store a portion of our data in Frankfurt, Germany, and another portion in Paris, France. These locations were strategically chosen to meet regional and compliance requirements while remaining within the European Union. For added protection against data breaches, we have enabled AES 256-bit server-side encryption. This means that the data is always encrypted during transport and at rest, and only authorized personnel can read it.
-
Encryption-in-transit
All of our communications at transit external or internal are done via secure and encrypted channels.
-
Physical Security
We implement physical and operational security measures including CCTV surveillance at key access points, controlled visitor and third-party access, and restricted entry procedures for employees and external personnel. Access to the office is managed through secured systems, with employees responsible for locking procedures in and outside working hours. Equipment protection is ensured through minimal on-site storage of valuable assets, as most systems are cloud-based with servers hosted externally in Europe. Remaining hardware, such as laptops, is securely stored, encrypted, and either locked on-site or taken home by employees to reduce risk of loss or theft.
Application Security
6Secure engineering practices across our software development lifecycle.
-
Responsible Disclosure
To support this commitment to security, we have established a Responsible Disclosure policy. This policy invites security researchers, ethical hackers, and concerned users to report any discovered security flaws or vulnerabilities directly to us. We encourage those who come across such issues to follow the guidelines outlined in our Responsible Disclosure policy. You can find the following information regarding responsible disclosure and a point of contact:
pescheck.io/security.txt -
Bot Detection
We use bot detection to protect our web application from automated login attacks.
-
Code Analysis
Available upon request.
-
Credential Management
We manage all secrets using the Hashicorp Vault.
-
Secure Development Training
We conduct a yearly security awareness training for all our employees.
-
Software Development Lifecycle
We prioritize security and code quality throughout the Software Development Life Cycle (SDLC). We implement various measures to ensure robust and reliable software, free from vulnerabilities. These practices include: - Branch protection on main branches. - Vulnerability scanning in the CI/CD pipeline. - Peer review for major changes. - Automated Testing. - Code Analysis Tools. - Secure Coding Guidelines. - Regular Security Training. - Penetration Testing. - Secure Third-Party Libraries.
Infrastructure
8The hosting, networks, and environments that run our services.
-
Status Monitoring
This page provides real-time updates on the status of our services and any incidents or maintenance activities that may affect your experience. By subscribing to our status monitoring page, you will receive instant notifications and alerts directly to your preferred communication channels, ensuring you stay informed about any potential disruptions or changes..
IT Security Policystatus.pescheck.io -
Anti-DDoS
Our Anti-DDoS policy includes advanced measures to protect our network and services from distributed denial-of-service attacks. These measures ensure continuous availability and performance, even under attack..
IT Security Policy -
BC/DR
Our Business Continuity and Disaster Recovery (BC/DR) policy ensures that business operations continue smoothly and data is recovered quickly in the event of a disaster. This integrated approach minimizes disruption and maintains service quality..
Backup and Restore Policy IT Security Policy -
Cloud Workload Protection
Our cloud workload protection policy ensures that workloads and applications running in cloud environments are secure. This includes continuous monitoring, threat detection, and automated response capabilities..
IT Security Policy -
Data Center
Our data centers provide secure, reliable, and scalable infrastructure for our IT operations. They are equipped with advanced security measures, continuous monitoring, and redundant systems to ensure optimal performance and availability..
Configuration Management Policy IT Security Policy -
Infrastructure Security
Our infrastructure security policy includes measures to protect our IT infrastructure from various threats, ensuring continuous availability and integrity of our systems and data. This includes firewalls, intrusion detection, and regular security audits..
IT Security Policy -
Network Time Protocol
We use Network Time Protocol (NTP) to ensure accurate time synchronization across all systems and devices. This is crucial for logging, auditing, and coordination of processes within our IT environment..
IT Security Policy -
Separate Production Environment
We have implemented a separate production environment that consists of three key stages: Test, Staging, and Production. This setup is designed to ensure the smooth and efficient delivery of our services while maintaining the highest standards of quality. Test Environment: The Test environment is the initial stage of our production process. It is where our development team conducts thorough testing, debugging, and quality assurance procedures on new features, updates, and enhancements. This environment allows us to identify and rectify any issues or inconsistencies before moving forward. Staging Environment: The Staging environment serves as an intermediary phase between testing and final deployment to the production environment. Here, we perform comprehensive end-to-end testing, verifying the compatibility and stability of the software across various systems, configurations, and datasets. Staging is a crucial step that ensures everything is functioning as expected before it goes live. Production Environment: The Production environment is the final destination where our services are made available to our clients and end-users. This environment is optimized for performance, reliability, and scalability to handle real-time user interactions and operational demands. It is continuously monitored and managed to ensure the highest levels of availability, security, and overall service quality.
Network Security
10Defences at the network layer, from firewalls to zero trust.
-
Data Loss Prevention
Our DLP policy focuses on preventing data loss through comprehensive monitoring and encryption strategies, as outlined in our Cryptography Policy. It includes continuous monitoring for anomalies and regular testing to ensure data security..
IT Security Policy Cryptography Policy -
DNSSEC
DNSSEC is enabled to ensure the authenticity and integrity of our DNS responses. This enhances the security of our internet-facing services by preventing DNS spoofing and other related attacks..
IT Security Policy Cryptography Policy -
Firewall
Our network is protected by a firewall with an integrated Intrusion Prevention System (IPS). This combination ensures continuous monitoring and defense against unauthorized access and potential security threats, maintaining the integrity and availability of our network services..
IT Security Policy Network Security -
IDS/IPS
Our IDS/IPS policy ensures continuous network monitoring and threat mitigation using advanced intrusion detection and prevention technologies. This aligns with our IT Security Policy to safeguard against unauthorized access and data breaches..
IT Security Policy -
Security Information and Event Management
Our SIEM policy involves real-time monitoring and analysis of security events to detect and respond to threats swiftly. It is supported by our IT Security and Incident Evaluation Policies..
IT Security Policy Incident Evaluation Procedures -
Spoofing Protection
Our spoofing protection policy includes measures like SPF, DKIM, and DMARC to secure email communications, preventing phishing and spoofing attempts..
IT Security Policy Cryptography Policy -
Traffic Filtering
Our traffic filtering policy ensures that only authorized traffic can access our networks, utilizing firewalls and advanced filtering techniques to prevent unauthorized access..
IT Security Policy Network Security -
Virtual Private Cloud
Our VPC policy ensures a secure and isolated cloud environment for our applications, with robust encryption and monitoring to maintain data privacy and security..
IT Security Policy Cryptography Policy -
Wireless Security
Our wireless security policy includes WPA2/PSK encryption and network segmentation to protect wireless communications and prevent unauthorized access..
IT Security Policy Network Security -
Zero Trust
Our Zero Trust policy mandates strict verification and access controls, ensuring that all users and devices are continuously authenticated and authorized..
IT Security Policy Access Control
Corporate Security
5The internal practices that keep the company itself secure.
-
Asset Management Practices
At PESCHECK, we implement Snipe IT, a robust asset management solution, to track, monitor, and manage our assets throughout their lifecycle. This centralized platform provides a comprehensive view of assets, including mobile devices, laptops, servers, and networking equipment, enabling informed decisions on allocation, maintenance, and replacement to ensure optimal resource utilization..
Configuration Management Policy -
Email Protection
Our email protection policy includes measures such as SPF, DKIM, and DMARC to secure email communications, prevent phishing and spoofing attempts, and ensure that outgoing email traffic is encrypted using opportunistic TLS..
IT Security Policy Cryptography Policy -
Employee Training
Our annual Security Awareness Training program covers IT Security, Compliance/Legal, and Physical Security. Employees learn about the latest threats, vulnerabilities, and best practices, including password management, safe internet browsing, recognizing phishing attempts, email security, secure data handling, compliance with regulations, privacy laws, and physical security measures. This training ensures employees are well-equipped to minimize cyber threats and protect sensitive information..
IT Security Policy Employee Training Guidelines -
HR Security
Internal screening includes checks such as integrity statements, ID verification, international PEP, sanction and watchlists checks, criminal record checks, online presence analysis, data checks, qualification and diploma verification, credit checks, work-reference CV checks, and letters of consent. These measures ensure that new employees are trustworthy and compliant with our security standards..
HR Policy -
Incident Response
Our security incident management process guides the identification, assessment, mitigation, and resolution of security incidents. It details the steps, roles, responsibilities, and communication channels involved, promoting accountability and minimizing the impact of security events on business operations..
IT Security Policy Business Continuity Policy
Risk Management
2How we identify, assess, and manage security and supply-chain risk.
-
Risk Assessments
PESCHECK conducts a risk assessment every three months in accordance with ISO 27001:2022. This process identifies, analyzes, and evaluates potential risks to our information security management system (ISMS). Based on the assessment, we implement appropriate controls to mitigate these risks and ensure the security of your data.
-
Supply Chain Risk Management
Security controls governing PESCHECK's third party relationships are detailed by PESCHECK's Supplier Management Policy and enforced by approval measures and oversight. External parties pursuing business relationships with PESCHECK, including but not limited to contractors, vendors, outsourced service providers, or partners, are assessed for their own security posture against industry standard frameworks for effective security controls maturity before approval and onboarding. Compensating controls are documented, enforced, and monitored in cases involving sensitive or strategic data access, and vendors are re-evaluated for changes in security posture on the occasion of any contract renewal.
Business Continuity
1Keeping the service available and recoverable when things go wrong.
-
Business Continuity Plan (BCP)
PESCHECK maintains a comprehensive Business Continuity Plan (BCP) to ensure the continuity of critical business functions and minimize the impact of potential disruptions on our operations and customers. The BCP is regularly reviewed, tested, and updated to ensure its effectiveness in the face of evolving risks and changing business requirements.
Training
1Keeping our people trained and aware of security responsibilities.
-
Security Awareness Training
PESCHECK conducts mandatory security awareness training for all employees. The training covers topics such as information security policies, data protection, secure handling of sensitive information, and identifying and reporting suspicious activities. Employees must complete the training and pass an assessment to ensure their understanding of the covered topics.
Change Management
1Governance over changes to systems and configurations.
-
Change Advisory Board (CAB)
The CAB reviews and approves non-standard (features) and emergency (critical bug fixes) changes before development. Approved changes are described in the dashboard repository and tracked via Agile Kanban (To Do, Doing, Testing, Done). Stakeholders test changes in a staging environment before production deployment. Emergency CAB meetings can fast-track critical fixes if needed, ensuring minimal risk and alignment with security standards like ISO 27001 and GDPR.
Policies
1The documented policies that govern our security programme.
-
Information Security Policy
The purpose of the Security Policy is to set out PESCHECK's objectives in the area of Security & Compliancy for its stakeholders and to protect all of the information assets across the organization from threats, whether internal and external, deliberate or accidental. This security policy applies to all employees, suppliers and contractors who are part of PESCHECK.
Access Control
3Who can reach data, and the controls that keep access least-privilege.
-
Data Access
The Access Control policy applies to staff authorised to have access to the Pescheck infrastructure or facilities. The following applies: - Access rights are granted on the basis of a need-to-know principle. - The provision and deactivation of the user account follows a defined procedure. - Assigning, adjusting and withdrawing access rights follows a defined procedure. The following systems contain and need to be reviewed for their user rights: - The Network of Pescheck (Unifi, The specific members are registered and deregistered in Unifi by the CTO.) - The Dashboard (The specific members are registered and deregistered in Microsoft Entra ID by the CTO) - Sharepoint (The specific members are registered and deregistered in Microsoft Entra ID by the CTO.) - 1 Password (Password system, The specific members are registered and deregistered in 1Password by the CTO.)* - Hardware (Automatically synchronized with Azure AD, the specific members are registered and deregistered in Microsoft Entra ID by the CTO.).
-
Logging
Our logging policy includes detailed and secure logging of critical events across all systems and devices. The central and secure log environment includes logging for capacity management, bug tracking, troubleshooting, and usage statistics for organizational and product development. This environment is secured according to the access policy, and users with access have only read rights.
IT Security Policy -
Password Security
These are the written policy instructions for our employees regarding Password Security: - Every employee uses a personal login name and a password to protect the computer. - Ensure a good and strong composition of your password: at least 8 characters of which at least 2 digits, even if the system does not technically enforce this. - Use a password management system (1Password) to save your passwords. - 2FA should be enabled when available in the system or application. - NEVER give your username and password to anyone else, not even your immediate colleagues.
Endpoint Security
5Protection for the devices our team uses to operate the service.
-
Disk Encryption
We use LUKS and BitLocker to encrypt the data on our corporate laptops, ensuring the confidentiality and security of sensitive information stored on these devices..
IT Security Policy Cryptography Policy -
DNS Filtering
Our DNS filtering policy includes blocking access to known malicious websites and harmful online resources, thereby protecting our network and users from potential threats..
IT Security Policy Network Security -
Endpoint Detection & Response
Our EDR solutions continuously monitor endpoint activities to detect, analyze, and respond to cyber threats in real-time. This ensures quick identification and mitigation of potential security incidents..
IT Security Policy Anti-Malware Policy -
Mobile Device Management
Devices are managed using an MDM solution where practicable. Devices not managed through MDM are manually checked for compliance with security policies. Notebooks and workstations must have an updated operating system and antivirus solution. Software installation restrictions are enforced via Intune, with exceptions approved by the CTO. IT laptops are exempt due to daily operational needs. Full disk encryption is implemented as a physical security measure on all mobile devices..
IT Security Policy Configuration Management Policy -
Threat Detection
Our threat detection policy employs advanced tools and techniques to continuously monitor our network and systems for potential security threats. This proactive approach helps in early identification and mitigation of threats..
IT Security Policy Incident Evaluation Procedures
Data Privacy
4GDPR-aligned handling of personal data across the screening process.
-
Cookies
We use various types of cookies on our website to improve the user experience: • Necessary Cookies: These cookies allow us to recognize you on a future visit, so your preferences are retained. You can delete these cookies via your browser settings. • Session Cookies: These enable us to monitor your browsing behavior during your visit and are deleted once you close your browser. • Tracking Cookies: With your permission, we place cookies that monitor your preferences and activities to tailor advertisements to your interests. • Google Analytics: We use this service to gain insights into website usage. The information collected is as anonymized as possible, and your IP address is not provided. The information is stored on servers in the United States and falls under Google's Standard Contractual Clauses. Your Rights: You have the right to request access to, correction, or deletion of data collected via cookies. Please contact us at [email protected] for requests or questions regarding our cookie policy. The cookielist is available on: https://pescheck.io/privacy-policy/
-
Data Into System
- CV data: name, address, gender, email address, telephone number, work history, education history, qualifications, certifications and skills - Identity data: ID card, passport or driving licence details, MRZ data, BSN number (where applicable), passport/ID number, nationality, passport nationality, date and place of birth, and document validity details - Address verification data: current and previous address information and supporting documents used to confirm identity and residence - Right to work data: information from visas, work permits or residence permits used to confirm legal right to work - VAR data: verification of labour relationship statements (VAR) or equivalent self-employment/tax registration documents - Criminal record data: certificates of good conduct, criminal record statements and related verification documents - Work and training history: employment history, job titles, duties, employment periods, education history, qualifications, diplomas, certifications, references and feedback from employers or institutions - Financial data: creditworthiness information, insolvency and bankruptcy records, debt-related information and credit scores obtained via third parties - Integrity data: information relating to financial integrity, bankruptcy history, dismissal or suspension history, conflicts of interest, additional positions, accuracy of CV information, professional conduct, and criminal convictions or allegations where permitted - Online information: publicly available information such as social media profiles, news articles, websites, blogs, forums, professional networks, watchlists and sanctions lists - Professional registration data: information on licences, certifications, memberships and registrations with professional or regulatory bodies - Additional documents: documents requested by the client such as payslips, confidentiality agreements, employment contracts, certificates or other supporting evidence
-
Data Protection Impact Assessment (DPIA)
We conduct Data Protection Impact Assessments (DPIAs) for projects or processing activities that involve personal data to identify and mitigate privacy risks and ensure compliance with GDPR.
-
Employee Privacy Training
Employee Privacy Training is designed to ensure that all our team members understand the importance of safeguarding sensitive information and respecting your privacy. This training equips our employees with the knowledge and skills to handle your data responsibly and ethically. Key aspects of our Employee Privacy Training include: - Data Protection: Our employees are educated on the significance of data protection and the critical role they play in maintaining the confidentiality and integrity of your information. - Privacy Regulations: We provide insights into relevant privacy regulations and laws that impact how we handle and process your data. This ensures that our practices remain compliant with legal requirements. - Ethical Handling of Data: Our training emphasizes the ethical handling of data, promoting a culture of respect for your privacy rights and data ownership. - Incident Reporting: We educate our employees on the proper procedures for reporting any potential privacy or security incidents, ensuring swift action and resolution if an issue arises. By integrating Employee Privacy Training into our Security Awareness Training program, we foster a workforce that is dedicated to upholding the highest standards of privacy and security.
Legal & Compliance
1Contracts, insurance, and legal safeguards that protect customers.
-
Cyber Insurance
To protect our operations and your data, we have cyber insurance in place with global coverage, excluding the USA and Canada. This ensures we are prepared to handle a variety of cyber risks and can maintain our services effectively in case of any incidents.
Geprüft und vertraut von Sicherheitsteams bei
Dokumente und Berichte
Zertifizierungen, Richtlinien und Berichte. Öffentliche Dokumente öffnen direkt; vertrauliche Dokumente sind für Kunden und Interessenten auf Anfrage verfügbar.
- ISO/IEC 27001 SoA Compliance Zugang anfragen
- Subprocessors Legal The latest version of our sub-processor list, kept up to date as our supply chain changes. Herunterladen
- Data Processing Agreement Legal The Data Processing Agreement is included as an appendix to our Terms of Service. Herunterladen
- Development Policy Documents The development policy describes the principles that exist within the organization for the development activities that are carried out within the organization. Zugang anfragen
- Internal Data Protection Policy Documents The Internal Dataprotection Policy sets out how PESCHECK processes the personal data that it holds (relating to clients, staff and third parties). It outlines PESCHECK's responsibilities under data protection legislation and regulation, setting out how it will comply, and provides instruction for staff handling personal data. Zugang anfragen
- PBSA Membership Documents MEMBER OF THE PROFESSIONAL BACKGROUND SCREENING ASSOCIATION. Taking part of the the Europe counsel Herunterladen
- POB licence Documents POB number: 1551 The POB (Particulier Onderzoeksbureau) certificate, also known as the Private Investigator's Certificate, is a license issued to private investigation agencies and individual private investigators in the Netherlands. It is required by law for any person or company engaging in professional investigative activities for hire. The POB certificate is governed by the Dutch Ministry of Justice and Security and is intended to regulate and control the private investigation industry in the country. It ensures that private investigators adhere to specific standards and guidelines, promoting professionalism, ethics, and accountability in their operations. WPBR register Justis: https://justis.nl/registers/wpbr-register/pescheck-bv Herunterladen
- Processing Register Documents The processing register refers to a record-keeping mechanism used to document and manage the processing of personal data by an organization or entity. It is an essential tool to PESCHECK for ensuring compliance with data protection laws and regulations, such as the General Data Protection Regulation (GDPR). The processing register serves as a central repository of information about the personal data processing activities conducted by the organization. It outlines the who, what, why, and how of data processing, providing transparency and accountability in the data handling practices. Zugang anfragen
- Network Diagram Reports This is the test-diagram of the dashboard. Other diagrams are available upon request. Zugang anfragen
- Pentest Report Reports Independent penetration test performed by WebSec BV. Certificate ID WSEC-XD508GT; the full report is available on request. Zugang anfragen
- Product Architecture Product Security Hardware and Services: Kubernetes Cluster: We run containerized applications with DigitalOcean Kubernetes (DOKS), a managed service that allows us to conveniently run and manage Kubernetes clusters. Managed Databases: We use DigitalOcean Managed Databases that provide support for PostgreSQL and Redis, enabling us to focus on our applications while letting DigitalOcean handle database management tasks. Object Storage: For hosting assets and files, we utilize Amazon S3 from AWS, a scalable object storage service known for data archiving, backup and recovery, and more. Private Networking: On DigitalOcean, we make use of the VPC service for secure, private networking, which helps to isolate our resources and traffic, further securing our data. Other Features: Terraform Provider: DigitalOcean offers a mature Terraform provider, allowing us to manage our infrastructure efficiently. Data Centers in Central Europe: With DigitalOcean, we have access to data centers in Frankfurt and Amsterdam, located in central Europe. High Availability/Distributed Database: Our setup supports high availability with DigitalOcean's Managed Databases. They can be deployed with standby nodes across different data centers for failover support. Zugang anfragen
- Access Control Policy Policies Zugang anfragen
Häufige Sicherheitsfragen
Could you explain how you process judicial data as it is prohibited by Article 10 of the GDPR?
Processing of Judicial Data under GDPR Article 10 Article 10 of the General Data Protection Regulation (GDPR) prohibits the processing of personal data relating to criminal convictions and offenses unless it is carried out under the control of an official authority or when authorized by Union or Member State law. PESCHECK's Legal Basis for Processing Special Categories of Personal Data. PESCHECK holds a Private Investigator (PI) license issued by the Ministry of Justice in the Netherlands. This license grants us the legal authority to process special categories of personal data, including judicial data. The PI license ensures that our data processing activities comply with stringent legal and regulatory requirements. https://www.justis.nl/registers/wpbr-register/pes-check Our license allows us to handle data related to criminal convictions and offenses, ensuring that all processing is conducted in a lawful and secure manner. This compliance framework enables us to provide comprehensive background checks while adhering to the highest standards of data protection and privacy. Our Commitment to Data Security At PESCHECK, we prioritize the security and confidentiality of the data we process. We implement robust security measures, including encryption, access controls, and regular audits, to protect the data from unauthorized access and ensure compliance with GDPR and other applicable regulations. By holding a PI license and following rigorous data protection protocols, PESCHECK is committed to providing reliable and secure background check services while maintaining compliance with legal requirements. ______________________________________ What could be reasons as a pi As a Private Investigator (PI) licensed by the Ministry of Justice in the Netherlands, PESCHECK has the legal authority to access and process special categories of personal data, including judicial data. Here's how this data can be accessed and the possible reasons for doing so: Accessing Judicial Data 1. Legal Framework and Authorization: o PESCHECK operates under a PI license, which provides the legal basis for accessing and processing judicial data. o Access to this data is strictly regulated and must comply with all relevant laws, including the GDPR and national regulations. 2. Data Sources: o Judicial data may be accessed from official records, government databases, and other authorized sources. o PESCHECK ensures that all data is obtained lawfully and that proper permissions are secured. 3. Security Measures: o Robust security protocols are in place to protect the data from unauthorized access. o Encryption, access controls, and regular audits are used to safeguard the data. Reasons for Accessing Judicial Data 1. Background Checks: o Verifying the criminal history of candidates as part of pre-employment screening. o Ensuring that individuals do not have a history of offenses that could pose a risk to the organization. 2. Regulatory Compliance: o Ensuring that the organization complies with industry-specific regulations that may require background checks. o Meeting legal obligations to verify the criminal background of individuals in certain roles, such as positions of trust. 3. Risk Management: o Identifying potential risks associated with hiring individuals with a criminal background. o Making informed decisions to protect the organization's assets, reputation, and workforce. 4. Security Clearance: o Verifying the eligibility of individuals for security clearances or other sensitive positions. o Ensuring that individuals with access to sensitive information or assets meet the required security standards. Transparency and Consent 1. Candidate Notification: o Candidates are informed about the background check process and the types of data that will be accessed. o Explicit consent is obtained from candidates before accessing judicial data. 2. Right to Access and Rectification: o Candidates have the right to access the data collected about them and request corrections if there are inaccuracies. o PESCHECK provides clear procedures for candidates to exercise these rights. Conclusion PESCHECK's ability to access and process judicial data as a licensed PI is governed by strict legal and regulatory frameworks. This ensures that all data processing activities are conducted lawfully, securely, and transparently, with the primary purposes being background checks, regulatory compliance, risk management, and security clearance. By adhering to these principles, PESCHECK can provide reliable and legally compliant background check services that meet the needs of its clients while protecting the rights and privacy of individuals.
Is segregation of data maintained?
We use Role-Based Access Control (RBAC) in Django by assigning users to groups that represent roles (e.g., Admin, Manager). Each role has specific permissions (view, edit, delete) applied to data within their organization. When users log in, Django checks their group membership and restricts access to their organization's data using query filters and permissions. This ensures logical data segregation and secure access control.
Background checks in Spain / Belgium
Requesting individual criminal background checks in Spain appears to be a straightforward process. The Ministry of Justice website doesn't provide specific attention or details regarding this regulation. Obtaining the actual document seems to be easily accomplished through the government website. However, it's crucial to ensure compliance with the GDPR and the Spanish LOPDGDD when dealing with personal data in Spain. Regarding the legal implications: Link --> https://www.engage.hoganlovells.com/knowledgeservices/news/criminal-background-checks-in-spain Article 10 focuses on the handling of personal data associated with criminal convictions, offences, and security measures linked to these criminal activities. It specifies that the processing of personal data concerning criminal convictions or offences must adhere to the guidelines outlined in Article 6(1). This processing should take place only under the supervision or control of an official authority. Alternatively, processing can occur if it is explicitly authorized by laws established by the European Union or the respective Member States. These laws must incorporate adequate measures to protect the rights and freedoms of individuals whose data is being processed. Furthermore, the article emphasizes that any comprehensive register containing details of criminal convictions should be maintained solely under the supervision or control of an official authority. This control ensures that sensitive data related to criminal activities is managed securely and in compliance with legal safeguards to protect the privacy and rights of individuals. As PESCHECK, we hold a POB #1551 [Pi] license granted by the Dutch Ministry of Justice, enabling us to conduct investigative and detective work as a background screening provider and processing of the category: Special Personal Data (such as Criminal). Furthermore, to have measurements and safeguard the right and freedoms of individuals.
Etwas Bestimmtes benötigt?
Sicherheitsfragebögen, einen AV-Vertrag, eine Muster-DSFA oder einen Bericht unter NDA, unser Datenschutzbüro unterstützt Ihre Due Diligence gern.