Information Security Policy
[Last Updated: September 17, 2018]
Vitalerter LTD (“Company” or “we”) is committed to providing transparency regarding the security measures which it has implemented in order to secure and protect Personal Data (as defined under the EU General Data Protection Regulation (Regulation 2016/679) (“GDPR”)) processed by us for the purpose of providing our services.
As part of our GDPR compliance process, we have implemented technical, organizational and monitoring protections, and established an extensive information and cyber security program, all with regard to Personal Data processed by Company.
System Access Control
Access to all data processing systems is solely via Company’s user authentication systems. Only a portion of specific personnel has access to systems. All access to Company’s systems admin network is available solely from the office, going through a private dark fibre link to the data centre. Authentication to each system is through a user password, unique to each employee or personnel, and from a different domain controller dedicated to such environment. Password control and manual and ongoing monitoring are applied to all system access.
Data Access Control
Access to the Personal Data is restricted solely to the employees that are required to receive access. Employees are educated with regard to security of the Personal Data.
Physical Access Control
Vitalerter ensures the protection of the physical access to the data servers which store the Personal Data and works exclusively with Microsoft Azure as its main cloud storage to host the Personal Data (for additional information regarding Microsoft Azure Security see here).
The goal of transfer control is to ensure that Personal Data cannot be read, copied, modified or removed by unauthorized parties during the electronic transmission of data or during their transport in motion, to the applicable data center (i.e., HTTPS). Transmission of data during backups is encrypted.
Availability Control and Purpose Control
The Company’s servers include an automated backup procedure. The Company has a backup concept which includes automated weekly backups. Periodical checks are performed to determine that the backups have occurred.
Personal Data as well as raw data are deleted as soon as possible or as soon as legally required.
Employees and data processors, including our applicable partners, have all signed applicable and binding agreements, all of which include applicable data provisions and data security obligations. Employees are bound to comply with the Company’s policies and procedures, and violations shall result in disciplinary actions up to and including termination of employment. An employee will not gain access to the Personal Data until the Company has trust that the employee is well educated and responsible enough to handle the Personal Data in a secure manner.
Company has ensured all documents, including, without limitation, agreements, privacy policies, online terms, etc., are compliant with the GDPR. Our Legal team is busy ensuring our legal documentation is updated to reflect any changes and to include the mandatory provisions required by the GDPR. The security, legal, privacy and compliance departments work to identify regional laws and regulations applicable to Company’s compliance. Therefore, this Security Policy may be updated from time to time, according to any applicable legislation or internal policies.