takes information security seriously and has created this security
overview and policy (“Security
to disclose our practices in safeguarding Personal Data processed
through our services (“Service(s)”).
We have implemented the below technical and organizational measures
to protect the Personal Data, processed by us, against loss, unlawful
acts and destruction, alteration, unauthorized disclosure or access,
of our GDPR compliance process we have prepared this Security Policy
to provide you with a summary of the security measures and policies
it obtains, further, we require our partners and employees to comply
with these standards and implement the same security measures when
working with us.
SECURITY POLICY OUTLINES THE COMPANY’S CURRENT SECURITY
PRACTICES AS OF THE “LAST UPDATED” DATE INDICATED ABOVE.
WE WILL KEEP UPDATING THIS POLICY FROM TIME TO TIME, AS REQUIRED BY
APPLICABLE LAWS AND OUR INTERNAL POLICIES.
to corporate systems is restricted and is based on procedures to
ensure appropriate approvals are provided solely if needed. In
addition, remote access and wireless computing capabilities are
restricted and require that both user and system safeguards. The
systems are also protected and solely authorized employees may access
the systems by using a designated password and user name protections.
access to the Personal Data is restricted to solely the employees
that “need to know” and is protected by passwords and
user names. Access to the Personal Data is secured and is highly
managed by access control policies. The Company uses high level
security measures to ensure that the Personal Data will not be
accessed, modified, copied, used, transferred or deleted without
specific authorization. The Company audits any and all access to the
database and any authorized access is immediately reported and
handled. Each employee is able to perform actions solely according to
the permissions determined by the Company. Each access is logged and
monitored, and any unauthorized access is automatically reported.
Further, the Company has ongoing review of which employees’
have authorizations, to assess whether access is still required.
Company revokes access immediately upon termination of employment.
Authorized individuals can solely access Personal Data that is
established in their individual profiles.
and Operational Security
Company educates its employees and service providers, consultants and
contractors and raises awareness, risk and assessment with regards to
any processing of Personal Data. Internal security testing are done
on a regular basis. Our IT team ensures security of all hardware and
software by installing anti-malware software on computers to protect
against malicious use and malicious software as well as virus
detection on endpoints, email attachment scanning, system compliance
scans, information handling options for the data exporter based on
data type, network security, and system and application vulnerability
scanning, use secured email transfer, etc. It is the responsibility
of the individuals across the Company to comply with these practices
goal of transfer control is to ensure that Personal Data cannot be
read, copied, modified or removed by unauthorized parties during the
electronic transmission of these data or during their transport or
storage in the applicable data center. Thus, any access to the
Personal Data from beyond the Company network is solely possible by
means of a secured VPN access. Further, any and all transfers of the
data (either between the servers, from client side to server side and
between Company’s designated partners) is secured (HTTPS) and
Data and raw data are all deleted as soon as possible or legally
partners and applicable processors are all signed on binding
agreements all of which include applicable data provisions and data
security obligations. As part of the employment process, employees
undergo a screening and are provided with access to the database
solely upon training to ensure he or she are well educated and
responsible to handle the Personal Data. Employees are bound to
comply with this Security Policy in addition to internal security
policies and procedures and breaking or not complying with such shall
result in disciplinary actions. To ensure the employees stay educated
and up to date with applicable policies and legislation the Company
hold annual compliance training which include data security
Company’s servers include an automated backup procedure. The
Company has a backup concept which includes automated daily backups.
Periodical checks are preformed to determine that the backup have
of use http://policy.clearinvest-ltd.com/terms_of_use.html