NWS
Certifications

Trust through transparency, security through standards

Certificates & data protection

ISO 27001 certificate

We attach great importance to the protection and security of our customers’ data. Since October 2024, TÜV Nord has officially confirmed our compliance with the highest security standards through ISO 27001 certification. This certification underlines our commitment to protecting your data in accordance with strict international standards.

In addition, we are committed to ensuring that our security measures are always state of the art and are continuously developed through regular audits. So you can be sure that your data is in the best hands with us – now and in the future.

PCI DSS Compliance

NETWAYS Web Services is PCI DSS compliant – a globally recognized security standard, especially for the protection of payment data. This compliance confirms that we meet the highest requirements for the security of sensitive payment information.

For our customers, this means additional protection when processing their data and the certainty that all transactions and payment processes are secured in accordance with the strictest security standards. In this way, we offer you maximum security and trust when handling your sensitive payment data.

Data security and protection at our data centers

Our two data centers are located in Nuremberg and are operated independently of each other with their own infrastructure (firewalls, load balancers, switches and more).

“RZ01” and “RZ02” are connected redundantly with 10,000 Mbit/s via fiber optics. If a problem occurs at one location, a failover to the other location takes place.

Why data protection is important to us

Data protection and information security are not one-off measures – they are part of our corporate culture. We continuously invest in training, technology and processes to protect your data in the best possible way. We respect you and your rights and rely on trust and loyalty.

Download our commissioned data processing agreement for more information.

Our commitment to safety

As a provider of modern cloud, Kubernetes and SaaS solutions, the protection of your data and the security of your IT infrastructure are key concerns for us. On this page, we provide you with transparent information about our data protection and security standards.

How we protect your data

Transparency

We provide you with clear and transparent information about how your data is used and are fully GDPR-compliant.

Risk reduction

By taking the right security measures, we reduce the risk of data breaches or cyber attacks.

More control

You have control over your data! We store it in our Bavarian data centers – and you decide what happens to it.

FAQ

What is the GDPR?
GDPR stands for General Data Protection Regulation, the European Union's data protection regulation (in German: Datenschutz-Grundverordnung, DSGVO). It is a regulation that has been in force in all EU member states since May 2018 and aims to strengthen data protection for individuals within the EU. The GDPR contains stricter rules for the processing of personal data by companies and organizations, as well as greater control and transparency for individuals over their personal data. The GDPR applies to all companies and organizations that collect or process personal data of EU citizens, regardless of where the company is located. Companies that violate the GDPR risk heavy fines and legal consequences.
Why is the GDPR important?
The GDPR is important because it strengthens the data protection of individuals in the European Union and makes the processing of personal data by companies and organizations more transparent and secure. Before the introduction of the GDPR, companies and organizations in the EU had different data protection laws and practices, which led to confusion and uncertainty. The GDPR creates uniform rules for data protection and provides greater transparency and control for individuals over their personal data. Companies and organizations must now obtain the consent of the data subject before collecting and processing their personal data, and they must ensure that the data is secure and protected. The GDPR also gives individuals the right to have their data deleted by companies or to obtain information about the processing of their data. Companies that violate the GDPR can risk heavy fines and legal consequences. Overall, the GDPR helps to strengthen trust in data protection and protect the fundamental rights of individuals.
What is ISO 27001?
ISO 27001 is an international standard for information security management systems. This standard defines processes and guidelines that ensure the confidentiality, integrity and availability of data in order to minimize security risks.
What is PCI DSS and what does it say?
PCI DSS stands for the Payment Card Industry Data Security Standard.

It is an international security standard that guarantees the protection of credit card data to enable secure credit card payments.

What is compliance?
Compliance means adhering to the rules, regulations and laws that apply to a company, industry or organization. It is about ensuring that all activities, procedures and practices are in line with legal requirements, industry standards and ethical principles. Compliance is important to minimize legal and financial risks for companies and organizations and to protect the interests of stakeholders, customers and employees. Examples of compliance requirements may include data protection regulations such as GDPR, anti-money laundering laws, health and safety regulations, environmental regulations and financial reporting standards. Compliance often involves the development and implementation of policies, procedures and training programs to ensure that all employees and stakeholders understand their obligations and responsibilities with regard to compliance with rules and regulations.
What is commissioned data processing?
Commissioned data processing is a form of data processing in which a company outsources the processing of personal data to a processor (e.g. a cloud service provider or an IT service provider). This means that the company retains responsibility for the personal data, but the processor acts in the name of and on behalf of the company and processes the data in accordance with the company's instructions. Commissioned data processing is regulated in the European Union by the General Data Protection Regulation (GDPR) and usually requires a written agreement between the company and the processor that contains certain data protection standards and requirements. This agreement is known as a commissioned data processing agreement (ADV contract) and must contain certain contractual conditions, such as the obligation of the processor to take appropriate technical and organizational measures to protect the personal data. However, the company remains responsible for compliance with data protection laws and regulations in all cases, even if data processing is outsourced to a processor.
How do I conclude a commissioned data processing agreement with NWS?

You can find everything you need on our GDPR page. Do not hesitate to contact us if you have any further questions.