Technical and organizational measures
The technical and organizational measures (TOM) show what is being done by Dualoo (hereinafter also referred to as the provider) to protect the data and the conditions under which smooth use is guaranteed. These are updated by the provider from time to time and always reflect the current status.
The contents of these technical and organisational measures have been translated automatically. Only the original in German has legal validity. The online version in German can be found HERE.
Updated: July 5, 2021
1. Technical requirements
Dualoo is Software as a Service (SaaS) and runs in the browser (https://login.dualoo.com). Documents generated by the application are saved on the server as Microsoft Office (docx) and Adobe (PDF) files. All data is stored in the UTF-8 character set, so text in every language can be represented. To use Dualoo, you need Internet access, a supported web browser and an e-mail address; no installation is necessary.
2. Supported desktop browsers
Chrome: latest version
Firefox: latest version
Edge: latest version
Safari: latest version
3. Data processing according to GDPR
If personal data is processed or used automatically, the internal organization must be designed in accordance with the Data Protection Act (GDPR) in such a way that it meets the special requirements of data protection. Dualoo supports users in this process.
By definition, the provider acts as a commissioned data processor. However, the provider can only be granted temporary access for support and assistance purposes, and only with consent. Since the provider falls under commissioned data processing, this document lists below the points required for commissioned data processing.
The standard contract for commissioned data processing is based on the transparently published terms of use, privacy policy and the technical and organizational measures. This is concluded with the approval of the terms of use and the privacy policy.
If deviating changes or a separate contract are required, the provider's work of reviewing or drawing up the contract is charged at cost at CHF 300 / hour.
4. Access control
Access to the provider’s premises is secured by employee ID cards and personal keys. Access to the application, i.e. to the data, is only possible via a personal login using a user name (e-mail address) and password. Each user's password is stored in the database only as a hash (one-way hash function), never in plain text.
User data is stored exclusively on the ISO 27001-certified server and not on employees’ local devices, which safeguards data security. The provider generally has no access to user data unless express permission has been granted.
Personal data carrier control: Users are responsible for adequately protecting their devices and passwords. The provider cannot be held liable for any damage caused by neglecting to protect users’ devices and passwords.
5. Access control
Individual rights can be assigned within the application (which user may do what). The user (e.g. the administrator in the company) is fully responsible for internal access authorization and controls which access authorizations the other users (e.g. employees) have.
The provider, in turn, is responsible for protecting the data against access from outside by properly safeguarding and encrypting it.
6. Pseudonymization and encryption
All data transmitted between the user and the server is end-to-end encrypted. The connection is secured with 4096-bit TLS (SSL).
7. Input control / logging
The provider logs all connections between the user and the server. In the event of a criminal offense, the provider allows administrators to view the company’s log file.
8. Availability control and resilience
Data is stored and hosted in the Metanet data center (www.metanet.ch) in Zurich (Switzerland). The data center meets the highest security standards. Its operation is certified according to ISO 9001. In addition, the data centers in Zurich are certified to ISO standard 27001 for information security and are PCI DSS accredited.
Backups: The provider backs up customer data several times a day. To prevent data loss even in extreme cases (e.g. destruction of a data center due to an earthquake), the encrypted backups are stored in parallel in several data centers in Switzerland and abroad. Rotation: 30 days with 12-month archive.
Virus protection: The user bears sole responsibility and is obliged to check the data received and transmitted for viruses. The provider also scans all transmitted files for viruses; it cannot be held liable for this, but the scanning helps to reduce the risk.
Energy supply / sustainability: The provider’s servers, the website and the office premises are powered by sustainable energy.