As the Solution Provider, we guarantees our customers an appropriate level of data protection in accordance with the national and European regulations. Our security levels are based on international standards.
How are your data and your privacy protected?
1. We adhere to a set of procedures and guidelines in order to ensure that your data are kept secure. These procedures are drawn up and revised by the management, the in-house quality department and our legal consultant.
2. All company personnel have clear job descriptions detailing the job title and the respective duties and this ensures that these guidelines are correctly applied.
3. The computer and server rooms housing the software and data are physically secured. These security systems consist of electronic and centralised access management, an alarm system, a cooling system and devices to protect against power cuts and fire.
4. Redundant safeguards help us to ensure an uninterrupted services at all times, without any loss of data.
5. A logical safeguarding plan is set up, which consists of:
- an internal firewall, a proxy server and antivirus software;
- formal management of access rights based on the job titles and duties, both for the internal users and affiliated users.
6. We manage our software updates ourselves with the use of planning software and separate development, acceptance and production environments.
7. We have put a hotline in place to manage any complaints, with an impact analysis and priority management of any incidents and the respective diagnostic and response times.
8. The access and identity control techniques require identification and the use of a password.
9. An access management policy per user rights level has been put in place.
10. Our contracts and agreements, our contracts of employment and other documentation include confidentiality and data protection clauses in order to ensure awareness among our customers and our colleagues.
The measures taken in order to comply with the provisions of the GDPR:
1. The team in charge of quality is responsible for data protection and for the methods of implementing the GDPR.
2. A data protection register has been created in order to record all the personal data processing activities, based on the model suggested by the competent authorities.
3. With the aid of the above-mentioned security systems, any potential incident can be quickly detected and dealt with in accordance with the GDPR requirements.
4. We make every effort to ensure that all processing is performed in-house and to restrict the number of sub-contractors. We have also entered into specific agreements with each sub-contractor in order to ensure compliance with the GDPR requirements.
6. The clause relating to privacy and personal data protection included in our contracts and publications has been adapted to comply with the GDPR requirements.