Hogrefe Trust Center

We are transparent regarding the policies and technologies we use to implement security and privacy in HTS Online.

Our promise to you – Your data is safe.

This page provides an overview of how Hogrefe ensures the confidentiality, integrity, and availability of your data at every stage of information processing. 

To protect your data and privacy, it's essential not only to comply with legal regulations safeguarding personal information but also to stay abreast of the latest developments in the digital world. 

We assure you that your trust in us is a valuable asset, that we uphold with transparency, reliability, and continuous improvement. 

  • Transparency – Data lifecycle in HTS Online: What data is collected, processed, and stored?
  • Infrastructure security – IT infrastructure: Protection and stability
  • Organizational security – organization and training
  • Internal security procedures: Systematic Security Measures: Efficient internal procedures for IT security

This text is also available in German.

Transparency

We transparently illustrate how data is being used within HTS Online. 

What data needs to be input?

In HTS Online, you can create anonymous records by using an ID. For some tests, age and gender is required as input when using a specific norm. However, this information does not enable the identification of an individual.  

Test taker management is customizable. HTS has no influence what personal data is added within the test context by the diagnostician. You can configure an individual data processing consent. 

What data is processed?

Input data that is required for test evaluation is processed according to the test procedure. This is done scientifically under strict guidelines for the respective procedure. 

What data is stored and where?

Test taker data and test data is stored in a data center in Germany.  

Test taker data and test results are stored in a customer database. 

Input data that has been input by the test taker is stored in logfiles to ensure reconstruction in the unlikely event of a test termination. These logfiles are anonymized after two weeks. 

How long is data stored?

Data that is stored within the customer database can be stored as long as the contract is valid. The customer can configure auto delete functionality within HTS Online. When the contract is terminated, all data is automatically and irreversibly deleted. 

How can I delete my data?

Auto delete functionality can be configured by the customer. You can configure if test results and/or test taker data should be subject to the auto delete routine.  

Infrastructure security

Network security​ 
Firewalls are used to protect our network and to prevent unauthorized access. They are continuously monitored. 

Certificates​ 
Certificates ensure the trustworthiness of our websites and the encryption of the transmitted data. 

Encryption  
Data at rest and data in transit is encrypted with up-to-date encryption methods to ensure confidentiality and integrity of information. 

Backups  
Regular backup of network configurations and data to facilitate swift recovery in the event of a security incident.  

Backup recovery tests  
To ensure that backups can be restored successfully, recovery tests are performed at regular intervals.  

UPS (Uninterruptible Power Supply)  
The data center has a UPS installed.

Organizational security

Security awareness training  
Employees are trained in IT security, data protection and information security at regular intervals. 

Password policy established  
Guidelines for secure handling of passwords and secure authentication for all employees are established. 

Confidentiality Agreement signed by all employees  
Our Onboarding process ensures that all employees sign a confidentiality agreement. 

Confidentiality Agreement signed by external personnel  
Within the contractual agreement process every external employee must sign a confidentiality agreement. 

Internal security procedures

Access control  
Our Onboarding, Change- and Offboarding processes ensure that access rights are role based granted, changed, and revoked. 

Authentication methods  
Our company uses strong authentication methods (passwords and Multi Factor Authentication) 

Physical security  
Physical access control with transponders, alarm systems, and video surveillance is in place. 

Data protection  
We protect your data using up-to-date technology and according to the EU General Data Protection Regulation (GDPR).