Privacy / Data Protection
Are you concerned about the GDPR, data protection & co.?
As your partner for AI systems, we see it as our responsibility to support you and your company with these questions. We advise you, show you possibilities and limitations, and offer solutions that, of course, meet all your regulatory and legal requirements.
We ensure that our compliance and yours is always maintained and that, for example, all data is handled securely at all times.
Data protection, GDPR and EU AI Act
In particular when handling sensitive and personal data, data protection has the highest priority. Therefore, Vimmera AI designs and implements all AI systems with consistent consideration of the General Data Protection Regulation, the EU AI Act, and relevant legal and industry-specific regulations.
Transparent data processing, clearly defined purposes of use, controlled access mechanisms, and traceable processes for storing and using information ensure a high level of security, reliability, and regulatory compliance.
At the same time, the requirements of the EU AI Act are integrated early into the system architecture and governance structures. This applies in particular to aspects such as risk assessment, transparency, traceability, documentation, and responsible use of AI.
In this way, companies retain full control over their data at all times and benefit from an AI solution that is both GDPR-compliant and future-proof.
But what exactly do we do?
We conclude a data processing agreement (DPA) under the GDPR with each of our partners, subcontractors, and providers. Likewise, we conclude such a DPA with all our customers. We have carried out a risk assessment of data processing and, on that basis, implemented and documented TOMs (technical and organizational measures). These TOMs meet at least the requirements of the GDPR, but in most respects go far beyond them.
We also regularly review our partners, subcontractors, and providers and check whether their security measures are sufficient and whether all GDPR requirements are being met there. And we document this as well.
Each customer receives from us a list of all our processors, a list of the relevant TOMs, and the opportunity to conduct appropriate audits.
Our customers are trained in handling the AI systems, the GDPR, and the EU AI Act, and the systems themselves of course meet all requirements (e.g. transparency obligations and labeling, data minimization, fundamental data protection through access restrictions, encryption techniques, passwords, 2FA logins (standard with us), feedback options, etc.).
Individual compliance guidelines are, of course, incorporated into our individual security concept upon request.
Governance, control and transparency
In addition, responsible and compliant use of AI requires clear responsibilities and structured control mechanisms. Vimmera AI supports companies in building suitable governance structures that enable secure, traceable, and controlled operation.
These include role and authorization concepts, defined approval processes, comprehensive documentation, auditability, and transparent decision-making foundations. This keeps AI systems permanently controllable, reviewable, and cleanly embedded within the organization.
Risk minimization and quality assurance
At the same time, compliance also includes the early identification and systematic minimization of potential risks. Against this background, Vimmera AI places particular emphasis on stable system architectures, verified data sources, and controlled learning processes.
In addition, validations, continuous quality assurance measures, and ongoing monitoring help to identify, assess, and specifically avoid undesirable system behavior, bias, or incorrect decisions at an early stage.
How secure is data stored with Vimmera AI?
We make every effort to clearly explain to our customers which measures we take for data protection and data security. Nothing happens in secret; everything is communicated.
We rely on encrypted communication (e.g. encrypted email) and generally transfer data between servers only in encrypted form. Where technically possible, all data is also stored encrypted at rest. Backups and intermediate copies are also encrypted (where technically possible).
We use strong password policies and two-factor authentication. Permission concepts with corresponding access restrictions and controls are also part of our standard program.
We always follow the current requirements of regulations and laws. NDAs ensure internal and external confidentiality. Encrypted communication and data transfer provide maximum security when exchanging data with our customers. Access controls, passwords, and two-factor authentication ensure that only those who are actually allowed and need access to data can access it.
As a matter of principle, we only use the data that is actually needed (not simply store or evaluate everything). The GDPR, the EU AI Act, the BDSG, and NIS2 are our cornerstones, which we always use as our guide.
We use our own servers and rent capacity from partner companies. There, too, the focus is on the highest level of security. Each partner is accepted only with a DPA and corresponding evidence, e.g. regarding GDPR compliance. We regularly assess each individual partner and verify their information, e.g. regarding their security concepts and technical and organizational measures (TOMs). Unless otherwise agreed, your data and ours never leave the European server area. This means that transfers to other countries outside the EU do not take place by default.
And very importantly: your data is never used to train our systems or other systems!
If customers have higher requirements, their own compliance rules, or if data is processed that must be handled specially, we also implement this in our concepts.
And of course, all of this is also documented, regularly reviewed, and archived.
All of this is done for your data security and ours.
You can rely on that!
Federal Data Protection Act (BDSG)
The national legal framework for data protection in Germany. The Federal Data Protection Act, or BDSG for short, supplements the General Data Protection Regulation in Germany. While the GDPR sets out the Europe-wide uniform framework for the protection of personal data, the BDSG regulates certain national specifics and clarifications. Together, both sets of rules form …
NIS2
The new legal framework for cybersecurity in Europe. The NIS2 Directive is the new European legal framework for cybersecurity. With it, the European Union establishes binding requirements for how companies and public institutions must protect their IT systems, networks, data, and digital processes against cyberattacks, outages, and security incidents. The aim of NIS2 is to …
The GDPR General Data Protection Regulation
Data protection as a basic prerequisite for the use of AI. The General Data Protection Regulation (GDPR) is the central data protection law of the European Union. It regulates how personal data may be collected, processed, stored, and used. For companies that use AI, the GDPR is particularly relevant, because AI systems often work with …
NDAs at Vimmera AI
Confidentiality is just as much a matter of course for Vimmera AI as data protection and data security. Whenever sensitive, business-critical, or personal information is exchanged, it must be clearly regulated how this data is handled. That is why we generally work on the basis of binding confidentiality agreements, so-called NDAs (Non-Disclosure Agreements). As soon …
The EU AI Act
The new legal framework for the use of AI in Europe. The EU AI Act is the first comprehensive legal regulation for artificial intelligence worldwide. With it, the European Union is creating a binding legal framework for how AI systems may be developed, deployed, and used. The goal is to enable innovation – while at …