Data protection and IT security
Maximum data security with bookingtime
When introducing online appointment booking in a company subject to GDPR and data confidentiality under the German Penal Code (StGB), such as a health insurance provider, numerous aspects must be considered to meet legal requirements. Compliance with these requirements is a core component of both bookingtime’s corporate structure and software. The following points are essential in this process.
Legal basis
General Data Protection Regulation (GDPR)
Art. 6 GDPR: Lawfulness of processing.
Art. 13 & 14 GDPR: Transparency and information obligations.
Art. 35 GDPR: Data protection impact assessment (DPIA).
§ 203 StGB: Special requirements for the confidentiality of health data. Employees and service providers are obligated to maintain confidentiality.
Technical and organizational measures (TOMs)
For particularly sensitive data, this also includes two-factor authentication (2FA) in data exchange between your customers and your company.
Pseudonymization and anonymization are applied wherever possible to ensure data privacy.
Access rights and authentication are managed according to your internal policies, for example via OAuth 2.0.
Contract design with bookingtime
Upon request, bookingtime can assume the role of the data controller for your customers in the appointment booking process.
A Data Processing Agreement (DPA) according to Article 28 GDPR is mandatory.