Alfabet products have been analyzed with respect to how their functionality processes personal data, measured against the applicable data protection principles. For future functionality, a release task to check for data protection compliance has been integrated into the product release cycle.
We have defined clear processes for relevant data protection aspects:
- Handle Data Subject Requests
- Handle Data Breach
- Review DPA (Data Processing Agreement)
- Data Privacy Impact Assessment Necessity Check
- Data Privacy Impact Assessment (DPIA)
- Data Breach and Risk Assessment
- Transfer Impact Assessment (TIA)
When processing personal data on behalf of our customers (data controllers), or when access to personal data cannot be ruled out in the course of service provision, the following aspects are covered:
- Customer’s instructions: Alfabet processes personal data only as instructed by the customer and in compliance with data protection law applicable to the customer.
- Sub-processors: Our mission is to provide high availability of support services. This requires Alfabet to include its affiliates all around the world, as well as carefully selected external service providers, in its support process. These organizations act as sub-processors to our customers. Also, for providing cloud and consulting services, sub-processors are used to provide the highest possible standard of quality, performance and flexibility to our customers.
- Data transfer: As mentioned above, for service provision, a transfer of personal data to external service providers is occasionally necessary. For any data transfers from the EEA to countries without an adequate level of data protection, EU Standard Contractual Clauses are in place. This ensures the necessary safeguards to protect customers’ personal data in accordance with data protection regulations.
- Data subject requests: Alfabet’s customers as the data controllers might be required due to applicable data protection law to provide information upon a data subject’s request. To the extent the request was addressed to Alfabet by a data subject directly, we will notify the respective customer and will respond to the data subject in accordance with the customer’s instructions. Additionally, we will support our customers using appropriate technical and organizational measures to respond to data subjects’ requests themselves.
- Data breach notification: In case of a data breach, Alfabet’s customers as the data controllers might be obliged to fulfill certain notification obligations towards the affected data subjects and/or the supervisory authority. Alfabet will inform its customers without undue delay in case we have documented reason to believe that a data breach at Alfabet or our sub-processors has occurred.
All our processes regarding data protection are subject to regular external audits in line with ISO 9001 certification.
Alfabet holds ISO 9001 certification, which we acquired as part of Software GmbH. Following the acquisition by Bizzdesign, we are working on renewing the certification, which will also be accessible here.