Security and data protection at TOM

Here at TOM, we are so serious about data protection that we don’t want to know any personal details about you.

With TOM, there’s no registration and so you do not have to enter personal data (such as your name or email address). TOM will never ask you for these details and doesn’t want to know.

Security concept at TOM

Your treatment data in TOM is linked with a randomly generated 12-digit recovery code. This code is stored separately from your health data and is also encrypted. Only you know this number. Even we cannot access it. That’s why it’s important to keep your recovery code safe.

Secure servers in Germany

All your data is stored in a data centre in Germany certified to ISO 27001 and ISO 9001.

Encryption

Asymmetric encryption is used whenever data is transferred between TOM and the servers. We use a communication protocol so that data can be transferred securely. This is regularly reviewed and adjusted to meet security requirements.

Data storage

Your personal health data is always stored in encrypted form. At no point does your data become readable in unencrypted form. The concept of TOM, and the whole system, follows the ‘security by design’ principle to incorporate all the relevant security elements.

Helping improve treatment adherence

As a matter of principle, no personal data is passed to third parties. Through TOM, we help people to adhere to their treatment, and so contribute to better healthcare and, in turn, medical advancement. The anonymous TOM treatment data is provided for research purposes in aggregate form only.

System monitoring

The live environment and all the connected systems and applications are monitored continually, 24/7, 365 days a year, so that we can act promptly to prevent a critical system state.

We use standardised and individual tests to regularly review the security requirements. This not only ensures that the applications remain stable, but also identifies any potential security gaps early on.

Security comes first

TOM and partners work according to the highest security standards.

ISO 27001

Certified Information Security Management System (ISMS)

ISO 9001

Certified Information Security Management System (ISMS)

GDPR

TOM complies with the EU General Data Protection Regulation
