Buildsimple offers customers the following guarantees with regard to compliance with the GDPR
FAQs – Frequently Asked Questions
What does the General Data Protection Regulation (GDPR) stand for?
The General Data Protection Regulation (GDPR) is a European Union regulation that standardises the rules for the processing of personal data by most private and public data processors throughout the EU. This guarantees both the protection of personal data within the European Union and the free movement of data within the European internal market.
Who is covered by the GDPR?
The GDPR regulates data protection for all EU citizens and all people staying within the EU. There is no difference between B2B (business) and B2C (consumer).
How do we deal with GDPR and data protection?
All our services are developed and operated in accordance with the GDPR.
Each customer signs a standardized or specific data processing contract with Buildsimple. This contract contains the list of processed personal data and information about the processing supply chain.
After a customer has unsubscribed from the Buildsimple services, all information will be automatically and completely deleted.
Are Buildsimple Services / Products GDPR compliant?
The Buildsimple products comply with the General Data Protection Regulation (GDPR). Our customers decide which personal data should be processed. Buildsimple will never use or reuse data of its customers outside the agreed scope of services.
How do I get help if I have questions about GDPR and Buildsimple?
The data protection coordinator of ISR Information Products AG is Malte Sukopp. As the central data protection coordinator, he is also responsible for Buildsimple.
Appointed data protection officer:
Haus Sentmaring 9
Tel.: +49 251 203197-0
Fax: +49 251 203197-99
Data Protection Coordinator:
ISR Information Products AG
Lange Str. 61
Is AWS secure?
The AWS infrastructure has strong security measures in place to protect customers’ data. All data is stored in strictly secured AWS data centers.
AWS manages dozens of compliance programs in the infrastructure. This means that your compliance requirements are already partially met.
Security is scaled according to your AWS cloud usage. No matter how large or small your business, the AWS infrastructure protects your data.
Read more about AWS Security: https://aws.amazon.com/security/
Which AWS regions are supported by Buildsimple?
EU (Frankfurt am Main) for European customers according to GDPR
US East (N. Virginia) for American customers
Are there public models that have already been trained?
Neural networks must be trained to deliver good results. Buildsimple supports the training of arbitrary models for arbitrary document types. Some document types already have public models trained by Buildsimple that can be used as an introduction.
Public models trained by Buildsimple exist for the following document types:
- Bill (English & German)
- Contract (English & German)
Does Buildsimple use subcontractors?
Buildsimple operates its infrastructure on Amazon Web Services. Buildsimple uses Amazon Web Services’ data centers and services to deliver its services.
Amazon Web Services EMEA SARL
38 avenue John F. Kennedy
Service: Providing the cloud infrastructure / services
Your data is protected by SHA encryption and documents are securely processed in the appropriate AWS region.
Each API call is SSL-encrypted and only accessible via HTTPS.
We use the AWS API Gateway, which provides a variety of security features. The Amazon API Gateway performs all tasks to accept and process up to hundreds of thousands of simultaneous API calls, including traffic management, authorization and access control, and API version monitoring and management.
You can find more information about API Gateways here
Runtime data which is deleted after processing:
The data is stored temporarily in secure AWS DynamoDB and S3 buckets and deleted after the document has been processed.
The results of classification and entity extraction are stored in encrypted DynamoDB tables. This data is only accessible to the respective customer and will be deleted after 72 hours.
Training data (Document Trainer):
The previously trained information of the machine learning models cannot be reconstructed.
Authorize specific administrators, users, and applications:
Multi-Factor Authentication (MFA)
Individually defined access to objects in Amazon S3, Amazon SQS and Amazon SNS
Authentication of API requests
Temporary Access Tokens with AWS Security Token Service
All our services are GDPR ready:
Each customer signs a standard or specific data processing contract with Buildsimple. This agreement contains the list of personal data processed and information about the supplier network involved in processing.
After the customer has unsubscribed from Buildsimple Services, all information will be automatically and completely deleted.
IT Service Continuity Management (on request)
List of procedural instructions (on request)
Security by Design approach for the following functions:
Enforcing functions are to be created that cannot be overridden by users without the corresponding change permission.
Establishing reliable execution of controls
Enabling continuous auditing in real time
The technical scripting of your governance policies is to be carried out.
“Security” in the Well-Architected Framework deals with the protection of information and systems. Key issues include confidentiality and data integrity, rights management including setting and managing individual permissions, protecting systems, and establishing controls to detect security incidents.
ISO 27001 (work in progress)
The international standard ISO/IEC 27001 Information technology – Security techniques – Information security management systems – Requirements specifies the requirements for setting up, implementing, maintaining and continuously improving a documented information security management system taking into account the context of an organization. In addition, the standard includes requirements for the assessment and handling of information security risks according to the individual needs of the organization.
Cloud Security Alliance STAR Self Assessment (work in progress)
CSA STAR Self Assessment is free and open to all cloud providers and allows them to submit self-assessment reports that document compliance with CSA-published best practices.