Global EU and North America Consultants S.L.U. (“Company” or “we” or “our”) is committed to provide transparency regarding the security measures and policies which it has implemented in order to secure and protect personal data and personal identifying information (together “Personal Data“), all as defined under applicable data protection law, including without limitations, the EU General Data Protection Regulation (“GDPR”).
This information security policy (“Security Policy”) outlines the Company’s current security measures deployed by the Company as of the “Last Updated” date indicated above. We will keep updating this Security Policy from time to time, as required by applicable laws and our internal policies.
The Company has implemented technical and organizational safeguards, and established a comprehensive information and cyber security program, all for the purpose of protecting the Personal Data processed by the Company.
Physical Access Control
We ensure the protection against the unwanted and unauthorized physical access to our servers and facilities that store the Personal Data. We have chosen the reputable Microsoft Azure as our cloud storage provider. The Personal Data collected by the Company is stored in the Azure data servers. For more information regarding the data security provided by Microsoft Azure, please see: https://privacy.microsoft.com/en-US/privacystatement
Further, the Company secures the physical access to its offices using a passcode to ensure that solely authorized individuals such as employees and authorized external parties (maintenance staff, visitors, etc.) can access the Company’s offices. The Company’s offices include fire and smoke alarms in place. All data backups are stored in data safes protected from fire and water.
Security Risk Analysis and Management
The Company conducts an accurate and thorough assessment of the potential risks and vulnerabilities of the Company’s Personal Data to ensure the confidentiality, integrity, and availability of electronic protected Personal Data. The Company applies a periodic testing of the Company’s disaster plan in order to ensure that the Company can cope with a consummation of any disaster and emergency case. Our servers include an automated back-up procedure. As mentioned above, the Company’s office is equipped with fire detectors, fire extinguishers and other applicable measures for the case of consummation of a natural disaster.
The access to the Company’s database is highly restricted in order to ensure that solely the appropriate prior approved personnel can access the Company’s Personal Data. Safeguards related to remote access and wireless computing capabilities are implemented therein. Employees are required to comply with the Company’s password policy when composing a password in order to allow strict access or use related to Personal Data all in accordance with position, and solely to the extent such access or use is required.
There is constant monitoring of the access to the data and the passwords used to gain login access. In addition, the Company implements an automatic captcha, lock-out mechanism, and disables any saving password program in order to prevent any unauthorized login to the Company’s servers by the means of password guessing. Electronic procedures in order to terminate an inactive session are also in use by the Company.
Data Access Control
Removable Media and Media Controls
Organizational and Operational Security
The Company invests a multitude of efforts and resources in order to ensure compliance with the Company’s security practices, as well as continuously provides employees on-going training and periodic updates regarding the Company’s security procedures. The Company strives to raise awareness to the risk involved in the processing of Personal Data. In addition, the Company has implemented applicable safeguards for its hardware and software, including web content filtering, firewalls and anti-virus software (“Protection Measures”) on applicable Company hardware, software or employee’s computer, in order to protect against viruses, worms, Trojan identifications or any other malicious software. The Protection Measures cannot be deactivated by any user other than the Company’s cyber security officer and according to the Company’s policies.
All transfer of Personal Data between the client side and the Company’s servers is protected using encryption safeguards, as well as encryption of the Personal Data prior to the transfer of any Personal Data. The Company’s servers are protected by industry best standards. Furthermore, the destruction of Personal Data following termination of the engagement is included within the contract between the parties. In addition, to the extent applicable, the Company’s business partners execute an applicable Data Processing Agreement, all in accordance with applicable laws.