Data protection and IT security


Maximum data security with bookingtime

When introducing online appointment booking in a company subject to GDPR and data confidentiality under the German Penal Code (StGB), such as a health insurance provider, numerous aspects must be considered to meet legal requirements. Compliance with these requirements is a core component of both bookingtime’s corporate structure and software. The following points are essential in this process.

Legal basis

General Data Protection Regulation (GDPR)

Art. 6 GDPR

Lawfulness of processing.





Art. 13 & 14 GDPR

Transparency and information obligations.




Art. 35 GDPR

Data protection impact assessment (DPIA).




§ 203 StGB

Special requirements for the confidentiality of health data. Employees and service providers are obligated to maintain confidentiality.

Technical and organizational measures (TOMs)

For particularly sensitive data, this also includes two-factor authentication (2FA) in data exchange between your customers and your company.

Pseudonymization and anonymization are applied wherever possible to ensure data privacy.

Access rights and authentication are managed according to your internal policies, such as via OAuth 2.0.

Contract design with bookingtime

Upon request, bookingtime can assume the role of the data controller for your customers in the appointment booking process.

A Data Processing Agreement (DPA) according to Article 28 GDPR is mandatory.

 
