Compliance
TISAX®
Dock2Studios GmbH has successfully completed a TISAX assessment in accordance with VDA ISA version 5.0 at Assessment Level 3 (AL3). TISAX (Trusted Information Security Assessment Exchange) is a standard for information security assessments in the automotive industry and is governed by the ENX Association on behalf of the automotive industry. The assessment was conducted by an accredited audit provider. The results are exclusively available to registered TISAX participants via the ENX portal.
Completing the TISAX assessment demonstrates our commitment to protecting confidential information and meeting the information security requirements of the automotive industry. This enables secure collaboration with partners and customers who require TISAX participation.
Information Security
1. Information Security at Dock2Studios GmbH
The protection of information is a top priority for Dock2Studios GmbH. If you become aware of an information security incident or suspect a security-relevant issue, you are required to report it without undue delay.
2. What Constitutes an Information Security Incident
An information security incident may include any event that indicates a potential threat to the confidentiality, integrity, or availability of information at Dock2Studios GmbH. This includes obvious security-critical events, as well as suspected vulnerabilities or unusual occurrences that may indicate misuse or risk exposure. All observations that could suggest potential misuse or security weaknesses must be reported so that appropriate measures can be assessed and implemented promptly.
Examples of possible incidents (non-exhaustive list):
Unauthorized access to systems or data
Suspected phishing attempts or other cyberattacks
Loss or theft of devices or information belonging to Dock2Studios GmbH
Technical disruptions with security-relevant impact on company data
3. Contact Information
Dock2Studios GmbH
Uelzener Straße 48
21335 Lüneburg
Germany
E-mail: infosec@dock2studios.de
Phone: +49 151 21211155
Requirements for Ensuring Information Security in Cooperation with Suppliers
1. General
This document defines the fundamental information security requirements applicable to suppliers of Dock2Studios GmbH, including the handling of subcontractors and the secure use of information and IT equipment (e.g., desktop computers, notebooks, smartphones, tablets). These requirements apply to the supplier’s management, employees, and any agents or subcontractors (hereinafter referred to as the “Contractor”). The Contractor’s management is responsible for ensuring that this document is communicated to relevant employees, agents, and—where applicable—subcontractors.
2. Exchange of Information
During all discussions involving confidential or sensitive information of Dock2Studios GmbH, including telephone conversations, appropriate measures must be taken to prevent unauthorized access or eavesdropping. All necessary and appropriate safeguards (e.g., encryption) shall be implemented to protect information during transmission against unauthorized access, modification, or deletion, including access by individuals within private environments.
3. Physical Transport of Media
Media containing information of Dock2Studios GmbH must be protected against unauthorized access, misuse, or manipulation during transport, including across organizational boundaries. Appropriate technical and organizational measures (e.g., encryption) must be applied to ensure protection during transport. Data carriers must be transported in a concealed manner. Data carriers containing confidential information shall generally be escorted by an employee of the Contractor. Documents must be transported in a way that prevents visibility, for example in non-transparent folders.
4. Physical Transport of Notebooks
Notebooks containing information of Dock2Studios GmbH must be transported in a manner that prevents visibility from the outside. When used in public environments, appropriate precautions must be taken to ensure that information cannot be viewed by unauthorized persons and that confidential authentication data cannot be observed or compromised.
5. Handling of Information Security Incidents and Communication
Serious information security incidents (e.g., operational disruptions, data loss, unlawful acts, cybercrime attacks), including any suspected loss of confidential or sensitive information, shall be reported without undue delay via the Information Security contact details listed above.
6. Audit Rights Regarding Information Security
The supplier / Contractor grants Dock2Studios GmbH the right, upon prior notice, to review and verify all information security-related data and processes associated with the business relationship. Employees of Dock2Studios GmbH or authorized third parties may enter the Contractor’s premises during normal business hours for the purpose of conducting such reviews. The Contractor shall bear the costs of the audit if violations of agreed information security measures or contractual obligations are identified, unless such violations are demonstrably not attributable to the Contractor.
7. Confidentiality Agreement Between Supplier / Contractor and Its Employees
The Contractor undertakes to conclude confidentiality agreements (either separately or as part of employment contracts) with all employees who receive or may access information belonging to Dock2Studios GmbH in the course of the cooperation. Evidence of compliance must be provided upon request at any time.
8. Subcontractors
If the Contractor engages subcontractors, the Contractor remains fully responsible for ensuring that all applicable information security requirements are communicated and implemented. Upon request, the Contractor must provide evidence of compliance. In the event of proven serious breaches or substantial misconduct by a subcontractor or its agents, Dock2Studios GmbH reserves the right to reject the subcontractor. Dock2Studios GmbH may further exercise its right to extraordinary termination for cause and/or assert claims for damages.
9. Compliance with Information Security (Supply Chain)
When commissioning subcontractors, the Contractor must ensure that the information security requirements of Dock2Studios GmbH are also complied with by such subcontractors. This includes the conclusion of confidentiality agreements with sub-suppliers. Proof of compliance must be provided upon request at any time. If the Contractor is entitled to issue subcontracts, it shall remain fully liable, irrespective of any contractual or statutory limitations or exclusions of liability.
German Whistleblower Protection Act (HinSchG)
1. Reporting of Information
If you become aware of potential violations or misconduct within Dock2Studios GmbH and you are an employee, intern, freelancer, contractor, business partner, or supplier, you are encouraged to report your concerns. Your report is important to us. Reports must be submitted via the Information Security contact details listed above.
2. Secure and Confidential Handling
We guarantee that your identity will be protected and that all information will be handled confidentially. In accordance with the German Whistleblower Protection Act (HinSchG), no retaliatory measures will be taken against individuals who submit reports in good faith. To enable proper feedback, we encourage you to provide your name. All reports concerning Dock2Studios GmbH are reviewed and processed by an external neutral body in order to prevent conflicts of interest.
3. What Violations Can Be Reported?
The Whistleblower Protection Act protects individuals who report specific categories of misconduct within Dock2Studios GmbH.
These include:
Financial irregularities, including fraud, corruption, embezzlement, and financial manipulation
Administrative offenses subject to fines, particularly those relevant to employee safety and well-being
Violations of occupational health and safety regulations
Non-compliance with minimum wage regulations
Criminal offenses under applicable German law
Important to know:
If a matter does not constitute a criminal offense or an administrative offense subject to fines, it generally does not fall within the scope of the German Whistleblower Protection Act. In such cases, the Act does not provide specific statutory protection for the report.
4. What Happens After Your Report?
Acknowledgment:
Upon receipt of your report, you will receive confirmation, provided that contact details have been supplied.
Investigation:
Every report is assessed carefully. Where appropriate, an internal investigation will be initiated.
Feedback:
Within a reasonable period not exceeding three months, you will be informed about the status and outcome of the investigation, where legally permissible and provided contact details have been supplied.
Data Protection / Privacy
Dock2Studios GmbH maintains a structured data protection management system to ensure compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR).
For corporate data protection and privacy-related matters, please contact:
E-mail: privacy@dock2studios.de
Phone: +49 151 21211155
For detailed information on the processing of personal data on our website, please refer to our Privacy Policy.