Information Security Policy
Last Revised: December 3, 2020
As part of our data protection compliance process we have prepared this Security Policy to provide you with a summary of the security measures and policies that we have implemented. We also require our partners and employees to comply with these standards and implement the same security measures included in this Security Policy when working with us.
THIS SECURITY POLICY OUTLINES THE COMPANY’S CURRENT SECURITY PRACTICES AS OF THE “LAST UPDATED” DATE INDICATED ABOVE. WE WILL KEEP UPDATING THIS POLICY FROM TIME TO TIME, AS REQUIRED BY APPLICABLE LAWS AND OUR INTERNAL POLICIES.
SYSTEM ACCESS CONTROL
Company’s database is accessible only by designated employees. The Personal Data processed by the Company is stored in Amazon Web Services which only enables access via a personal user authentication. Access to the database is restricted and is based on procedures to ensure appropriate approvals are provided, solely to the extent required. In addition, remote access to the database and wireless computing capabilities are restricted and require safeguards, including VPN protection or similar security level.
PHYSICAL ACCESS CONTROL
The Company secures any and all physical access to its offices. The Amazon Web Services datacenter is located in the USA, therefore, for more information we recommend that you review Amazon’s security policy available here.
DATA ACCESS CONTROL
All access to a database, system or storage can only be done with an authorization hierarchy and password protection. Furthermore, access to Personal Data is restricted to solely the employees that “need to know” and is protected by passwords and user names. The Company audits any and all access to the database and any unauthorized access is immediately reported and handled. Furthermore, the Company has entered into applicable and binding data processing agreements with its vendors and customers.
ORGANIZATIONAL AND OPERATIONAL SECURITY
The Company educates its employees and service providers, and raises awareness with regards to any processing of Personal Data. Internal security testing is done on a regular basis. Company’s IT team ensures security of all hardware and software, by installing anti-malware software including firewalls on computers to protect against malicious use and malicious software as well as virus detection on endpoints, etc. It is the responsibility of the individuals across the Company to comply with these practices and standards which they are bound to by the employment agreement.
The purpose of transfer control is to ensure that Personal Data cannot be read, copied, modified or removed by unauthorized parties during the electronic transmission of the Personal Data or while it is being transferred or stored. Furthermore, any and all transfers of the data (either between the servers, from client side to server side and between Company’s designated partners) is secured and protected as required under applicable law.
The Company’s servers include an automated backup procedure. The Company has ensured that all of its systems are protected by industry best standards for security systems and measures. Our legal team has ensured that our legal documentation is updated to reflect any changes and to include the mandatory provisions required by the applicable data protection laws.
Employees, customers, vendors and applicable processors are all signed on binding agreements all of which include applicable data provisions and data security obligations. Employees are bound to comply with this Security Policy in addition to internal security policies and procedures and breaking or not complying with such shall result in disciplinary actions. To ensure the employees stay educated and up to date with applicable policies and legislation the Company holds annual compliance training which include data security education.