Data protection


Anonymous data collection
You can visit Movis24 without telling us who you are. We only receive information about the website from which you were linked to our site and the pages which you visit with us. This information can be evaluated for statistical purposes. As an individual user, your anonymity is guaranteed.

Collection and processing of personal data

Your personal data will only be collected if you provide this to us voluntarily when submitting an enquiry via e-mail. We exclusively use the data collected in this manner to help us respond to your enquiry. Your data is neither forwarded to third parties nor used for advertising or market research purposes.

Data security
We take adequate measures to ensure the technical and organisational protection of your data. Our employees are obligated to comply with data protection requirements, while our service providers entrusted with data processing are carefully selected and also subject to the relevant data protection provisions.

Encryption requirements
The platform (incl. server) meets the highest security and encryption standards and applies state-of-the-art technology. Established industry standards for data encryption are applied in this area. The communication between the enquirer and the Movis24 system is fully SSL encrypted. The data is encrypted on the application side and stored with an AES-256 encryption in the database. This guarantees an uninterruptible encryption chain.

The data is decrypted with the informant’s password, which is protected against dictionary and brute force attacks using various key-strengthening techniques. Password guidelines also prevent the allocation of overly simple passwords.
  • Combined SHA-256 hashes
  • 256-bit SALT
  • >100,000 iterations per hash
This method ensures that there is no security-relevant plaintext data in the system's database.

Multi-part keys saved in various locations ensure that the data cannot be decrypted even in instances in which the database is completely exposed.

The number of login attempts is limited by the system. Should the number of permitted attempts be exceeded, the account in question is blocked automatically. The administrator is also made aware of the failed login attempt via an automatic notification.

Encryption
Data can only be decrypted within the application, as the necessary keys are composed dynamically by the application. It is not possible to decrypt the saved data upon accessing the database directly using third-party software.

Alteration security
The transmitted files cannot be altered. It is only possible to add information. It is not planned to physically delete the files.

Anonymity

Complete anonymity can only be guaranteed if information is provided from outside the company. If anonymous information is transmitted from a company network, conclusions can be drawn about the use of the portal if the infrastructure used by the company is monitored (use of firewalls and proxy servers for logging purposes).

Host
The productive client systems are operated exclusively in a high security data centre at weblink GmbH in Zurich where separate technical and organisational measures apply. The measures and solutions that weblink GmbH implements in the areas of data security and data protection meet the highest information security standards.

All of the internal server technology is located in locked server cabinets, which in turn are located in a locked server room. Access to this closed-off area is exclusively granted to those internal employees who are responsible for the technology.

Access control
All employees of the Movis24 platform only have access to the data that is relevant for their area of responsibility. Unauthorised access is prevented by authorisation and access regulations together with the respective access controls. Movis24 employees are obligated to maintain discretion and are subject to data confidentiality rules within the framework of their employment contract.

External links

To ensure that you are optimally informed, you can find links on our website that refer to third-party sites. These are carefully checked before being activated. Movis24 is neither responsible for the contents of such web pages nor for ensuring that the operators of these sites adhere to the applicable data protection regulations. As such, the guarantees provided in this data protection declaration do not apply to these sites.

Guarantee
Although the information, data and contents of our website are checked and updated on an ongoing basis, certain information published on the site may have changed in the meantime. Movis therefore provides this information without any guarantee or warranty of any kind, either explicitly expressed or implied.

Copyright
All texts, images and graphics as well as their arrangement are subject to copyright protection and other acts protecting intellectual property rights. They may not be copied for commercial or private use or for distribution nor may they be modified and used on other sites. All rights reserved.

Contact person

The contact person at Movis for all issues regarding data protection is Mr Martin Bircher (e-mail:  martin.bircher@No spam please!movis.ch)



 
Access Movis   |   About us   |   Publication data   |   GTCs / liability   |   Data protection   |   © Movis AG