Data Security - Executive Summary

Executive Summary

(Updated: 07/08/2023)

Our company is legally obligated to safeguard the privacy and security of the personal data that we process from our users. We have implemented a comprehensive data security program that complies with the applicable data protection laws and regulations.

Data Security Legal Requirements and Obligations

Our data security legal requirements and obligations are to:

  • Ensure the confidentiality, integrity, and availability of our users' personal data.

  • Comply with the data protection laws and regulations of the jurisdictions where we operate, such as the GDPR.

  • Demonstrate our accountability and transparency regarding our data security practices.

Data Security Program

Our data security program consists of the following measures and procedures:

  • Physical security: We have established physical security measures to prevent unauthorised access, damage, or theft of our data processing equipment and facilities through our AWS managed system integration. These measures include access control systems, surveillance cameras, and alarm systems. (See: https://aws.amazon.com/compliance/data-center/controls/)

  • Logical security: We use various logical security measures to prevent unauthorised access, interference, or disclosure of our users' personal data. These measures include firewalls, intrusion detection systems, and data encryption.

  • Data access controls: We have implemented data access controls to limit access to our users' personal data to authorised personnel only, based on the principle of least privilege and need-to-know.

  • Data encryption: We encrypt all personal data at rest and in transit, using strong encryption algorithms and keys.

  • Data backup and recovery: We have a comprehensive data backup and recovery plan in place to ensure the resilience and continuity of our data processing activities in the event of a data breach or other disaster.

  • Incident response: We have a well-defined incident response plan to identify, contain, analyse, remediate, and report on security incidents.

Certifications, Standards, and Best Practices

Our company is in the process of obtaining ISO/IEC 27001 certification, which is the international standard for information security management systems. We also adhere to the standards and best practices recommended by the following organisations:

  • The National Institute of Standards and Technology (NIST)

  • The Payment Card Industry Data Security Standards Council (PCI SSC)

  • The General Data Protection Regulation (GDPR)

GDPR Compliance and Data Processing

Our company is committed to complying with the General Data Protection Regulation (GDPR), which is a regulation of the European Union (EU) that sets out the rules for the protection of personal data. We have implemented measures and procedures to ensure that our data processing activities comply with the GDPR.

Data Processing

We process our users’ personal data in accordance with the GDPR’s principles of lawfulness, fairness, and transparency. We only collect and process personal data that is necessary for the purposes for which it was collected, and we ensure that our users are informed about how their personal data is being used as per our Privacy Policy

Data Deletion

We respect our users’ right to request the deletion of their personal data from our servers. When a user makes such a request, we will take all reasonable steps to delete their personal data from our systems, subject to any legal obligations that may require us to retain certain data. We have established procedures to ensure that our users’ requests for data deletion are handled promptly and efficiently. Data deletion requested will be processed in accordance with section 14 of our Terms of Service

Conclusion

We are committed to fulfilling our legal obligations regarding the privacy and security of our users' personal data. We have implemented a comprehensive data security program that complies with the applicable data protection laws and regulations. We believe that our data security program is robust and effective. We take our obligations under the GDPR seriously and have implemented measures to ensure that our data processing activities comply with its requirements. We are confident that we can protect our users' personal data from unauthorised access, use, disclosure, alteration, or destruction. If you have any questions or concerns about how we process your personal data, please do not hesitate to contact us.

Last updated