Privacy and data security at Actineo

System Quality

Actineo, a Verisk business, has created a complex set of medical rules that allows incoming data to be reviewed consistently based on ICD 10.

These rules are continuously reviewed and improved by qualified medical staff. Correct results are ensured by regular quality and consistency checks.

Cases which require clarification are generally sent to a competent medical team for individual assessment.

Data Security

Audited by the TÜV Association: Actineo is a service provider with a certified data protection management system

Privacy and data protection are our top priority at Actineo, a Verisk business, and are the bedrock of our innovative services and digital products. At the start of 2018, Actineo was successfully certified in data protection by the TÜV Rhineland Association, an independent third party, as a "Service Provider with Verified Data Protection Management". This certification is based on statutory requirements contained in the EU's General Data Protection Regulation (GDPR), the international security standard ISO 27001, and the IT Baseline Security Catalogue published by the Federal Office for Information Security (BSI). This seal confirms that Actineo employs a data protection management system that goes beyond the legal requirements and that the company is considered to be a role model in all things data protection. The TÜV Rhineland Association conducts annual audits in order to renew this certification. Actineo in the Certipedia certification database

When it comes to privacy, we set the highest standards of security. Our rule is: privacy is elementary. For example, we are bound by the statutory data protection regulations of the GDPR and we are subject to supervision by the State Data Protection and Freedom of Information Officer for North Rhine-Westphalia and our clients' data protection officers without restriction.

We conclude data processing agreements with all our clients. Data are secured using a closed, internal network that includes firewalls, virus, server and system monitoring tools, plus state-of-the-art data encryption, fully automated data back-ups several times a day on separate servers and destruction of data/documents where instructed according to Art. 4 GDPR. The separation of data on the application side ensures that customer data can only be accessed within the specific application.

Individual employee chip cards are required to access all security-relevant zones. Our security measures and specifications are backed up by emergency power, warning and alarm systems in our server centre. A data protection officer monitors our compliance with secure procedures.

It goes without saying that every employee of ACTINEO GmbH is bound in writing to the statutory confidentiality provisions of Art. 5(2) GDPR. Employees are prohibited from processing, using, or making personal data available to external parties in any form without authorisation.