Data protection commitment for the implementation of home office / telework

The company with registry code 16614738

Itlerhilfe OÜ
Lootsa Tn 2a,
11415, Tallinn,

(hereinafter referred to as the “Company”) permits the undersigned Employee to perform work services outside the Company’s business premises (telecommuting or home office). The Employee undertakes to comply with the following measures for the protection of personal data in the context of the provision of services in the home office:

1) Instructions
The employee must always comply with relevant instructions issued by the employer as well as the regulations of the employment contract regarding data protection.

2) Securing the home office
The employee must ensure that the room(s) in which home telework is performed cannot be entered by unauthorized third parties for the duration of the telework. Only lockable rooms may be used for domestic telework. Even if the work rooms are left for a short time (e.g. to make coffee), the rooms must be locked or other suitable measures must be taken to prevent unauthorized access to work equipment, data or documents (e.g. locking away paper documents, locking the work computer, etc.).

3) Visual protection
The employee must ensure that unauthorized third parties cannot view official documents and data. In particular, he/she must ensure that the work screen of laptops or documents cannot be viewed “in passing”. This can be ensured by using privacy screens or by placing computer monitors outside the field of vision of doors and windows.

4) Acoustic protection
Employees must ensure that unauthorized third parties cannot listen in on official conversations. In particular, he/she must ensure that no acoustic assistance systems (e.g. Alexa) are present at the teleworkplace.

5) Mobile working / co-working spaces
The employee is entitled to perform telework outside the home workplace (e.g. in co-working spaces). However, in doing so, he/she must ensure that his/her work documents and work equipment are protected from access by unauthorized third parties. At no time are work documents and work equipment to be left unattended. When using Internet connections, suitable security of the network used must be ensured. When transporting work documents and work equipment to and from the teleworkplace, the employee must always keep an eye on them. The work documents and work equipment must remain under the control of the employee at all times.

6) Use of public Internet access
The employee shall primarily use his/her private Internet access for telework. This is to be secured in a suitable manner. Public and/or third-party networks (e.g. in public rooms or hotels) may not be used unless the security of the connection is ensured.

7) Use of work documents/work equipment abroad
The transfer of work documents and work equipment abroad is only permitted with the express consent of the company. The employee must expressly inform the company of this and obtain its consent prior to the transfer of work materials and work documents abroad.

8) Data backup
The employee must always back up data in accordance with the company’s specifications. If data is stored locally on work equipment, it must be transferred at the earliest opportunity to data storage devices that the company normally uses for storing data.

9) Right of access
The employee must grant the company or its employees – after prior consultation – access to his or her home workplace. This is particularly the case if compliance with this agreement must be monitored or if compliance with data protection regulations is to be checked (for example, by the company’s data protection officer). Access must only be granted during normal business hours between 10 am – 5 pm. In urgent cases, access must be granted without prior consultation. The fundamental rights and freedoms of employees must be observed at all times.

10) Compliance with general safety standards
The employee shall comply with the following general security measures while telecommuting:

The employee shall choose secure passwords and keep them secret.

The employee is required to install all available security updates on his/her service devices without delay.

Work equipment and work documents are to be used only within the scope of the specific task completion within the workplace. After completion of the respective task, the corresponding work equipment and work documents are to be stored securely (clean desk policy).

Computers, laptops and other electronic service devices must be locked when leaving the workplace and secured against theft. This also applies when leaving the workplace for a short time (e.g., to make coffee or for lunch).

When accessing the company’s IT systems, the employee must use the VPN access provided by the company.

11) Reporting breaches
If personal data is breached or such a breach is imminent (e.g. loss of work equipment or documents, hacker attacks, attacks by malware, etc.), the employee shall immediately inform the management. In the event of IT breaches, the IT department must also be informed immediately.

12) Exceptions
The company is free to approve exceptions to the above principles in justified cases. Such exceptions shall be documented with reference to the approval and justification.

Employee’s name in block letters, date, signature