Highest level of GDPR compliance with secure European servers, and much more. Find answers to our most common questions about data processing and security below. If you have any additional questions, reach out at firstname.lastname@example.org.
We establish Data Processing Agreements with our customers and require sub-processors to adhere to the same standards, ensuring responsible data handling and protection.
We proactively monitor and review our GDPR compliance, conducting internal audits and ensuring our data protection practices are kept up to date.
We are dedicated to an ongoing process of enhancing our cybersecurity measures to ensure the highest level of protection for our clients' data. Our approach involves:
Regular Reviews and Updates:
- We routinely assess our cybersecurity policies and procedures to identify opportunities for improvement.
- Following these assessments, we update our practices to address any vulnerabilities and to incorporate new security protocols as they emerge.
Proactive Threat Detection:
- Our security team is vigilant in monitoring for emerging threats and employs the latest intelligence to preemptively adjust our defenses.
Technology and Training Investments:
- We continuously invest in advanced security technologies and in-depth training for our team to ensure they are equipped to recognize and respond to cybersecurity challenges.
- Our internal policies are regularly revisited and revised to reflect the latest in cybersecurity advancements and to integrate lessons learned from ongoing operations.
We are unwavering in our commitment to not just maintaining but actively improving our cybersecurity framework. We understand the importance of adapting to the constantly changing security landscape to safeguard personal data effectively.
Our ISMS documents the entirety of our cloud service operations, ensuring clarity and precision. It covers all necessary operational units, locations, personnel, and processes associated with delivering our cloud service, facilitating a systematic approach to information security.
Our data processing aligns with the main contract's objectives, primarily facilitating video content for external communication on our clients' websites. We process only the data necessary for these purposes, such as names, job titles, emails, phone numbers, and videos.
We collect personal data such as names, job titles, email addresses, phone numbers, and video content solely for fulfilling our service agreements and enabling communication on client websites.
Data subjects can contact our customer service department at email@example.com to access, rectify, erase, or transfer their personal data.
We respect your privacy and only share your data with third-party service providers when it's necessary to provide you with our services. These providers are carefully selected and bound by strict data protection agreements to ensure the confidentiality and integrity of your data. Your personal data is not sold, traded, or shared with any other third parties without your explicit consent.
We are dedicated to protecting data integrity and confidentiality using robust encryption standards. For data at rest, we use the Advanced Encryption Standard (AES); for data in transit, we use Transport Layer Security (TLS) 1.2. Our comprehensive cybersecurity strategy includes deploying AWS WAF, AWS Shield Standard, and Amazon GuardDuty to safeguard against a wide array of cyber threats.
Organizationally, we maintain a rigorous schedule of data protection impact assessments to preemptively address any security concerns. Our staff is continually educated on GDPR compliance and data protection best practices, ensuring that everyone understands their role in maintaining our high security standards.
Additionally, we have established policies for the usage of cryptographic measures during data transmission and remote access to our production environment, bolstering our defense against unauthorized access. We recognize the importance of safeguarding client data during storage and have implemented stringent technical safeguards to this effect.
We commit to keeping our clients informed with regular updates regarding any changes that might affect the confidentiality of their data. While our key management processes are robust, we are actively working to enhance our procedures related to the use of private and secret keys, recognizing the importance of constant improvement in our security practices.
We have established an information security policy that sets security objectives aligned with our business goals. Approved by top management, this policy is accessible to our personnel and underpins our commitment to securing our operations and data.
Our risk management policy is robust, involving meticulous identification, analysis, and prioritization of risks. We implement a detailed risk treatment plan to mitigate risks to acceptable levels, which is regularly reviewed and updated.
Our Supplier Relationship Policy mandates high security standards for Sub-processors, including due diligence and security requirements in service agreements.
Personal data is retained only for the necessary duration and securely deleted according to our data retention policy. Upon termination of services, all personal data is purged following our strict guidelines.
We have implemented comprehensive security measures such as firewalls, encryption, secure login processes, and rigorous access controls to protect against unauthorized access and data breaches.
We have a comprehensive risk management framework that identifies, analyzes, and mitigates IT risks, focusing on information security risks associated with our cloud services.
All personnel adhere to strict information security policies, which are part of their terms of employment. This includes comprehensive non-disclosure agreements with employees, service providers, and suppliers. We also provide bespoke security awareness and training programs to our staff, with rigorous reviews to maintain currency with the evolving threat landscape.
We prioritize secure asset management by maintaining a comprehensive inventory of assets integral to our cloud service. This includes strict policies against the use of removable media and detailed procedures for commissioning and decommissioning hardware.
Our physical security is designed to support our cloud-centric operations. We ensure the safety of our equipment and data with secure office access controls. These measures include access authentication required to enter our office premises. This approach is in line with our commitment to maintaining a secure and controlled environment for our team and our clients' data.
Our operational security includes capacity management and protective measures against malware threats. We employ Amazon GuardDuty and maintain up-to-date anti-malware solutions to safeguard our systems.
We have implemented policies to ensure the integrity and security of non-sensitive data. Our backup and recovery measures are thoroughly documented and executed, with regular testing to verify efficiency.
We maintain comprehensive policies for logging and monitoring system events, ensuring the security of data derived from the cloud service. This includes strict management of data access, storage, and deletion protocols.
We have instituted meticulous policies to identify and address vulnerabilities within our system components. Our approach involves systematic detection, rigorous assessment, and timely mitigation.
Our incident response plan ensures prompt and effective action, including immediate classification, assessment, containment strategies, and communication in compliance with GDPR Articles 33 and 34.
Our access control policies are based on industry standards, incorporating "least privilege" and "need-to-know" principles. We utilize role-based access controls to ensure a thorough division of responsibilities.
We adhere to industry standards for cryptography, employing robust cryptographic tools for data transfers and extending protection to data at rest. Our communication channels remain open to inform clients of any shifts that might impact data confidentiality.
Our technical safeguards, including AWS WAF and AWS Shield Standard, play a crucial role in securing our communication channels. We ensure data transmission integrity and confidentiality using top-tier encryption protocols like TLS 1.2.
We are committed to meticulous data management standards, which include robust procedures to ensure data sanctity even during deletion. We conduct a meticulous purge when a cloud service contract concludes, abiding by our stringent data retention guidelines.
We maintain structured change management policies, which include version control procedures to monitor and track individual modifications and restore system components to their prior state when necessary.
We have well-defined policies and procedures for a swift and effective response to any security incidents. Our structured approach includes incident classification, escalation pathways, and specific triggers that activate our business continuity mechanisms.