Data Location

  • All Socital’s customer data are stored within the EU (Microsoft Azure data centers).

Infrastructure

  • Development, testing (staging) and production environments are strictly segregated both from a system and data perspective (i.e., no production data is used in development and testing systems).
  • Physical development terminals / workstations are locked automatically after a predefined period of inactivity.

Access Control to personal data

  • Requests for new access permissions are subject to approval by a Senior Engineer or the CTO.
  • Individual accounts are used for all activities performed by humans (i.e., not cronjobs, automated scripts, etc.).
  • Key systems enforce regular password and/or access key changes.
  • There is a process that ensures the removal of unneeded permissions from users who left the company or changed roles.

Logs

  • Logs are regularly monitored or reviewed from a security perspective.
  • Logs are protected against accidental or intentional modification.
  • Encryption in transit is applied for all sensitive communications.
  • All of Socital’s data center resources are dedicated and not shared by other cloud platform users.

Data Backups

  • Data backups are taken regularly.
  • No backups are held off-site.
  • All backups are encrypted.

Networks

  • Firewall rules protect all of Socital’s cloud platform and cover all traffic.
  • Firewall rules are reviewed regularly.
  • Firewall rule changes are approved by the CTO.

Documentation

  • Detailed data flow diagrams and data inventory (data allocation) documents are readily available and can be provided to the client upon request.

Organization

  • Socital has assigned a dedicated DPO able to assist in any matters related to security.
  • Employees are regularly trained in security best practices.
  • All employees sign a confidentiality and non-disclosure agreement.
  • There is a process for terminating user access privileges when they are no longer needed, i.e. when someone changes roles and/or leaves the company.
  • In case of data breach there is an incident response procedure in place.

Got Questions? Ask our Data Protection Officer!