Data security

POLICIES AND PROCEDURES

The backup of all data as well as the program logic (interfaces for the provision of data to the individual applications, roster algorithms, etc.) is carried out on servers of subcontractors, whose technical and organizational measures are in turn defined in order processor agreements with the respective AAV. The most important points of these agreed technical and organizational measures are explained below.


CONFIDENTIALITY

Measures to prevent unauthorized persons from accessing data processing facilities include:

  • Central locking systems
  • Entrances kept closed as a rule
  • Visitor rules: visitors are collected at reception and are never left unaccompanied
  • Documented procedures for issuing, returning, and reporting the loss of access devices
  • Alarm systems with video surveillance

Measures to prevent data processing systems from being used by unauthorized persons:

  • Only network sockets actually in use are patched through
  • No WLAN networks in use
  • Firewall, intrusion detection system
  • Access to data-processing (DV) devices only with a personal user ID and password
  • Documented assignment of user IDs
  • Password guidelines: at least 8 characters, drawn from special characters, upper-case letters, lower-case letters and digits (at least 3 of these 4 classes)
  • Time-controlled password renewal where required
  • Logging of logins
  • Encrypted home partition on workstations
  • Remote access only via VPN
  • Whitelist of permitted IP addresses

The use of a data processing system is subject to access authorizations that ensure that users can only access authorized data and that personal data cannot be read, copied, modified or deleted without authorization during processing, use and after storage. This is ensured by the following measures:

  • User roles/group concept
  • Separate granting and management of user rights
  • Checking/updating permissions
  • Central virus protection program with automatic updates
  • Time-controlled locking of devices during inactivity

Data collected for different purposes can be processed separately.

  • Company data (accounting, personnel management, etc.) is physically separated
  • Separation of development and production environments

INTEGRITY

The entry, modification and deletion of personal data in data processing systems is logged for traceability, and access and deletion of old logs is regulated separately.

Encrypted transmission, identification/authentication, and rules on the destruction of data media ensure that personal data cannot be read, copied, modified, or removed without authorization during electronic transmission or during its transport or storage on data media. In addition, it can be verified and established to which recipients personal data is to be transmitted by data transmission facilities.

AVAILABILITY, RESILIENCE AND RECOVERABILITY

All servers used to provide our services are located in data centers in the EU area and meet the protection measures according to DIN ISO 27001:

  • Access control systems
  • Video surveillance
  • Redundant, uninterruptible power supply
  • Overvoltage protection
  • Protection against fire and water ingress
  • Performance monitoring
  • Intrusion detection system (DoS/DDoS attacks)

In addition, data is protected against accidental destruction or loss by:

  • Redundant IT infrastructure
  • RAID hard disk storage
  • Replacement / exchange components on site
  • Data backup concept
  • Checking backups
  • Virus scanners and firewalls with central updates

REVIEW, ASSESSMENT AND EVALUATION

In order to ensure that personal data can only be processed in accordance with the agreed instructions of the client, order processor agreements are also concluded with any sub-providers. The providers used have also implemented a data protection management system, with the help of which the verification obligations of the GDPR and the DSG are implemented. This includes, among other things:

  • Legal bases of the processing, Art. 6 GDPR
  • Granting of consent, Art. 7 GDPR
  • Transparent information, Art. 12 GDPR
  • Compliance with information obligations, Art. 13 GDPR
  • Data protection by design and by default, Art. 25 GDPR
  • Right of access of the data subject, Art. 15 GDPR
  • Right to rectification, Art. 16 GDPR
  • Right to erasure, Art. 17 GDPR
  • Implementation of the storage limitation, Art. 5 GDPR
  • Implementation of the security of processing, Art. 32 GDPR
  • Listing of all processors, Art. 30 para. 2 GDPR
  • Data breach management, Art. 33 GDPR
  • Presentation of the obligation to notify supervisory authorities, Art. 33 GDPR
  • Certification, Art. 42 GDPR
  • Risk assessment, data protection impact assessment, Art. 35 GDPR
  • Audit documentation
  • Documentation from
  • Awareness measures

An organizational and technical process for handling security incidents has been defined and implemented (incident response management). It ensures a uniform response and procedure-driven handling of identified and suspected security incidents and disruptions, including uniform follow-up and monitoring as part of a continuous improvement process.

User access

Access to the applications and data is only possible with an activated account. Passwords are stored in encrypted form and cannot be read in plain text. Registration is not publicly accessible; all user registrations are initiated either by MD meinDienstplan GmbH (initial provision of the platform) or by authorized users of a customer (linking of employee accounts, global user rights management).
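The password guideline under Confidentiality (at least 8 characters, at least 3 of the 4 character classes) and the statement above that passwords are never stored in plain text can be shown together in one piece of code. The following is an added example, not code from MD meinDienstplan GmbH: it enforces the 3-of-4 rule at registration and then stores only a salted, slow hash (PBKDF2-HMAC-SHA256 with an assumed iteration count), so that neither a database read nor a support engineer can recover the plain-text password. The storage format, the iteration count and all sample passwords are constructed for the example.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 8               # "at least 8 characters"
MIN_CLASSES = 3              # "at least 3 out of 4" character classes
PBKDF2_ITERATIONS = 600_000  # assumed work factor; not a value from the page


def character_classes(password: str) -> set:
    """Return the names of the four character classes present in the password."""
    present = {
        "upper": any(c.isupper() for c in password),
        "lower": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special": any(c in string.punctuation for c in password),
    }
    return {name for name, found in present.items() if found}


def check_password_policy(password: str):
    """Return (ok, reasons): length rule plus the 3-of-4 complexity rule."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    classes = character_classes(password)
    if len(classes) < MIN_CLASSES:
        reasons.append(f"only {len(classes)} of 4 character classes used")
    return (not reasons, reasons)


def hash_password(password: str, salt: bytes = None) -> str:
    """Salted PBKDF2-HMAC-SHA256; the constructed storage format is
    'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def register(password: str) -> str:
    """Enforce the policy at registration, then keep only the salted hash."""
    ok, reasons = check_password_policy(password)
    if not ok:
        raise ValueError("password policy violated: " + "; ".join(reasons))
    return hash_password(password)


if __name__ == "__main__":
    record = register("Correct-Horse7")   # constructed sample password
    print(record)
    print(verify_password("Correct-Horse7", record))
```

The record that reaches the database carries the algorithm and work factor alongside the salt, so the iteration count can be raised later and old records re-hashed on the user's next successful login without a migration of plain-text secrets (which, as the text says, never exist on the server).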

APPLICATIONS AND APPS

MD meinDienstplan GmbH offers various services in the form of web applications as well as mobile apps (iOS/Android). With a valid and activated user account, users can access these applications and their data.

Access to the complete data is granted only to MD meinDienstplan GmbH employees who absolutely need it to perform their work (development, support). All employees are subject to confidentiality agreements and are trained in best-practice data security procedures. Application servers validate user access and ensure that only data matching the user's access rights is transferred. Authentication of individual client requests is done via JWT (JSON Web Tokens), which are created at login. All communication between the clients (web applications, apps) and the application servers is SSL-encrypted. The JWT created at login is renewed while the web or mobile apps are in use. If a user is inactive for more than 7 days, the token loses its validity and the user must log in again to regain access to the application and the data released to him.
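The token lifecycle described above (signed at login, renewed on use, invalid after 7 days of inactivity) is shown below as an added example that is not code from MD meinDienstplan GmbH. It uses only the Python standard library to issue and verify HS256-signed JWTs with a sliding expiry: every authenticated request replaces the token with a fresh one, so the expiry always sits 7 days after the last use. The signing key, subject and timestamps are constructed for the example; a production service would use a maintained JWT library and keep the key in a secret store.

```python
import base64
import hashlib
import hmac
import json
import time

INACTIVITY_LIMIT = 7 * 24 * 3600           # token expires 7 days after last renewal
DEMO_KEY = b"constructed-demo-signing-key"  # constructed for the example only


def _b64url(data: bytes) -> str:
    """Base64url without padding, as the JWT format requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject: str, now: int = None, key: bytes = DEMO_KEY) -> str:
    """Create an HS256-signed JWT whose exp lies 7 days after 'now'."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": subject, "iat": now, "exp": now + INACTIVITY_LIMIT}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, payload)
    )
    signature = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(signature)


def verify_token(token: str, now: int = None, key: bytes = DEMO_KEY):
    """Return the payload if signature and expiry check out, otherwise None."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        if header.get("alg") != "HS256":
            return None  # accept only the algorithm the server issues
        expected = hmac.new(
            key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256
        ).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None  # wrong key or tampered token
        payload = json.loads(_b64url_decode(payload_b64))
        exp = payload.get("exp")
        if not isinstance(exp, int) or now >= exp:
            return None  # more than 7 days since login or last renewal
        return payload
    except (ValueError, AttributeError, UnicodeError):
        return None      # malformed token of any kind


def renew_on_use(token: str, now: int = None, key: bytes = DEMO_KEY):
    """Sliding expiry: a valid token presented on a request is replaced by a
    fresh one; an expired token is not renewed and forces a new login."""
    now = int(time.time()) if now is None else now
    payload = verify_token(token, now, key)
    if payload is None:
        return None
    return issue_token(payload["sub"], now, key)


if __name__ == "__main__":
    t0 = 1_700_000_000                      # constructed login time
    token = issue_token("user-42", t0)
    print(verify_token(token, t0 + 3 * 86400))   # still valid on day 3
    print(verify_token(token, t0 + 8 * 86400))   # None: inactive for over 7 days
```

The server decides validity purely from the signed `exp` claim and its own clock, so no session table is needed; the price is that a token cannot be revoked before its expiry, which is why the inactivity window is kept short and why, per the policy above, a successful request always re-issues the token rather than extending the old one.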

Interfaces (APIs)

One possibility for customers to obtain data from the systems of MD meinDienstplan via supported platforms is access via interfaces (API). Each API access must be specifically approved, and the associated API token via which the third-party platform gains access to the data of the respective customer can be invalidated at any time by the customer or, if necessary (customer request, misuse, etc.) by employees of MD meinDienstplan GmbH. User roles and their permissions determine which users can create API tokens.

User management

User accounts are managed and authenticated via a centralized authentication server, which provides access to all platforms with a single login (single sign-on). Via this server, users can change their basic data (e-mail, password) themselves and activate 2-factor authentication (2FA). The 2FA takes place via an authentication app (e.g. Google Authenticator, Authy, etc.) and can be activated and deactivated independently by each user.

DATA PROTECTION

Database

The databases of the individual applications of MD meinDienstplan GmbH are completely separated from each other. Direct access to the database is only permitted to system administrators. Read access may be granted in individual cases, provided that the respective person can demonstrate an appropriate basis for access (e.g. troubleshooting, support) and the desired purpose cannot be achieved through normal use of the applications alone.

Application environments

Each application has several environments (development, staging, beta, live), which are run on different servers and are therefore not logically connected. For productive use, the user is granted access to the production environment of the applications authorized for him. Individual customers can, after selection by MD meinDienstplan GmbH, additionally get access to one or more beta environment(s) to pre-test new features before the official release and to support the development with feedback. All application environments are managed with the same security standards as the production environment.

Data changes

Changes to critical data as well as defined application processes that can significantly affect the customer's operations (month-end closings, changes to employee data, corrections to recorded working times, etc.) are logged. For logging purposes, it is irrelevant whether the data is changed by the customer himself or by an employee of MD meinDienstplan GmbH (e.g. in the course of support).

Security tests

MD meinDienstplan GmbH regularly commissions external service providers to perform security and penetration tests to check the environments for vulnerabilities. Identified problems are then made available in detailed reports and remedied by the development team.

Backup and restore

Each application performs a fully automatic backup of all data and configurations at least once daily. Depending on the application scenario and the variability of the data, additional backups are performed at shorter intervals; for example, recorded clocking-in times are backed up hourly in myTimeCapture due to their high variability. The backups are stored locally on the respective application server and then additionally transferred to a separate server that is not logically connected to the application servers. Backups of all applications are retained for at least 30 days. In the unlikely event of a complete malfunction, the entire MD Services application environment can be placed in a maintenance mode, which temporarily prevents access to all MD meinDienstplan GmbH services, in order to restore the last backed-up data state. The duration of such a total restore of all applications is currently estimated at a maximum of 24 hours, but the probability of such an event (simultaneous failure with data loss in all applications) is extremely low.

Availability

MD meinDienstplan GmbH guarantees an availability of its services and systems of 99.6% on an annual average. Excluded from this are planned maintenance windows as well as problems outside the sphere of influence of meinDienstplan (e.g. force majeure, natural disasters, failure of the Internet provider, etc.). Necessary maintenance work and updates that could disrupt service availability are generally carried out between 00:00 and 06:00 and limited to the necessary minimum. Unless short-term necessity requires otherwise, the customer is notified at least 48 hours, and usually 7 days, in advance.