Data protection at eplas
eplas What you should know about data collection
eplas is an occupational health and safety management solution for the areas of quality assurance and environmental protection which can be used in all areas all the way up to QM-effective testing and was awarded the IT Innovation Award for Medium-Sized Business Initiatives in the area of e-learning at Cebit 2011. The individual modules Blended Learning, Hazardous Substance Management, Hazard Assessment, Work & Operating Equipment, Audits & Checklists, and Health Management access common master data. Sensitive data is stored in encrypted form in the master data bank. The health management module data is additionally secured and encrypted separately.
Data in a functional system
- Assigned training themes / dates / documents
- Training topic status
o open o completed (valid until)
- Feedback on completed training sessions (can be carried out anonymously)
- Training contents at the time of execution (audit-proof, in accordance with statutory provisions)
- Complete question and answer catalogue
- Consultation during training
- Last name
- First name
- Personnel number
- Password (can be changed by the employee)
- Employee's area of responsibility
(freely selectable definition in eplas for the assignment of training topics)
- Department (to map the departmental hierarchy)
- Responsibility (only for supervisors, for mapping the departmental hierarchy)
- Email address
- Chip ID
- Active / inactive
- External employee / internal employee
- Company (for external employees)
- Employee photo
- Configurable administration rights for each employee
- Other fields, which can be supplemented as required
Data NOT recorded
- Number of attempts to solve a topic
- Number of correct / wrong answers
- Which questions were answered incorrectly
- Period of time required by the employee to carry out a training session
- Employee login or log out times
- Tracking of anonymous feedback back to the employee is impossible.
EMPLOYEE PERFORMANCE ASSESSMENT is not possible via eplas. Data that could be used for this purpose is not collected.
TLS / SSL encryption via https should be used to ensure the secure transfer of data between the server and your browser.
Exception – Health Management
In the Health Management module, it is necessary to enter personal data including date of birth and private address in addition to the existing data (first name, surname, personnel number) for the administration of accident reports as well as recommended, mandatory or preventive healthcare examinations.
- The data in question is stored in a separate table separate from the employee data.
- The data is encrypted in accordance with AES 256-bit guidelines with a customer-specific key and can only be decrypted with this key.
- Access is only granted to authorised users via the immediate entering of the password.
- Certain data, such as in the employee master record, can only be viewed with appropriate authorisation and by re-entering the user password.
- The data cannot be viewed outside the Health Management module.
- The logging of an accident report, which may have to be carried out by anyone, does not contain any of the data concerned.