SoftBCom Berlin GmbH – Platform and Project Solutions





1. Hosting & Infrastructure

  • The QAWacht SaaS platform and other project-based solutions from SoftBCom are operated on dedicated cloud servers hosted by Hetzner Online GmbH in Germany.
  • The data centers are ISO/IEC 27001 certified and meet requirements for physical security, power supply, access control, and infrastructure redundancy.


2. Data Residency & Data Protection

  • Personal data of the customer is processed and stored exclusively within the geographic region defined by contract or by product:
    • For customers based in Germany: exclusively within Germany (e.g., on servers operated by Hetzner Online GmbH).
    • For customers in other EU member states: within the European Union.
    • For customers in third countries: within the region contractually defined (e.g., EU data center), where technically available.
  • Data is not transferred outside the defined region. If processing outside this region is technically or functionally necessary (e.g., for external AI services), the data is fully anonymized beforehand so that no reference to a person, as defined under the GDPR, remains.
  • SoftBCom complies with the requirements of the GDPR, particularly Articles 5, 6, 28, and 32.


3. Access Controls

  • Access is granted exclusively for maintenance and service purposes to authorized personnel based on role-based permissions.
  • IP filters are used.
  • Automatic session timeouts can be activated if needed.


4. Encryption

  • Data is transmitted via TLS 1.2+.
  • Security-relevant configuration data (e.g., API keys, tokens, access credentials) is encrypted using AES.


5. Backup & Recovery

  • Application-specific backups are executed according to predefined backup plans.
  • Recovery testing is carried out in accordance with the established contingency plan.


6. Incident Management

  • Internal processes are in place for the detection, documentation, and evaluation of security incidents.
  • SoftBCom is committed to reporting relevant incidents to affected customers in accordance with Article 33 of the GDPR.


7. Penetration Testing & Technical Assessments

  • Internal security reviews are conducted prior to each major release or project-specific deployment.
  • External penetration tests by independent IT partners can be arranged on request (subject to cost reimbursement).


8. Subprocessors & Responsibilities

  • A current list of active subprocessors is published here: https://www.softbcom.com/trust/subprocessors
  • Data processing is carried out in accordance with the DPA (Data Processing Agreement) and the documented Technical and Organizational Measures (TOM).


9. ISO Compliance Statement

  • SoftBCom aligns with the core principles of ISO/IEC 27001 and implements them within its internal information security management framework.





1. Privacy Policy

https://www.softbcom.com/privacy-policy


2. SaaS Terms of Use

https://www.softbcom.de/en/saas-terms-of-use


3. General Terms and Conditions (GTC)

https://www.softbcom.de/en/gtc


4. Data Processing Agreement (AVV / DPA)

https://www.softbcom.com/trust/dpa


5. Technical and Organizational Measures (TOM)

https://www.softbcom.com/tom


6. List of Subprocessors

https://www.softbcom.com/trust/subprocessors


7. Data Processing Principles for QAWacht

https://www.softbcom.com/trust/QAWacht-data-processing-principles


8. Online Subscription Agreement

http://www.softbcom.com/trust/Online-subscription-agreement