LINKURY INFORMATION SECURITY POLICY
[Last Updated: May 9, 2018]
Linkury Ltd. ('Linkury' 'Company' or 'we') is committed to provide transparency regarding the security measures which it has implemented in order to secure and protect Personal Data (as defined under applicable law, including the EU General Data Protection Regulation (Regulation 2016/679) ('GDPR')) processed by the Company for the purpose of providing its services.
This information security policy ('Security Policy') outlines the Company's current security practices as of the 'Last Updated' date indicated above. We will keep updating this Security Policy from time to time, as required by applicable laws and our internal policies.
As part of our GDPR compliance process (available at: www.linkury.com/gdpr) we have implemented, technical organizational monitoring protections, and established an extensive information and cyber security program, all with regards to the Personal Data processed by Linkury. Linkury ensures its employees, contractors, as well clients, comply with this Security Policy.
Physical Access Control
Linkury ensures the protection of the physical access to the data servers which store the Personal Data for Linkury. Further, Linkury secures the physical access to its offices to ensure that solely authorized individuals, such as employees and authorized external parties can access Linkury's offices. Linkury's office building has a guard.
Data stored within Linkury's database infrastructure is automatically encrypted at rest and distributed for availability and reliability. This helps guard against unauthorized access and service interruptions. In addition, access to Linkury's database is highly restricted, the restrictions are through protections implemented therein in order to ensure that solely the appropriate prior approved personnel, can access Linkury's database. Safeguards related to remote access and wireless computing capabilities are in implemented therein. The databases are protected and solely authorized personnel may access such database by using a designated password. Employee are assigned private passwords that allows strict access or use related to Personal Data all in accordance with position, and solely to the extent such access or use is required. There is constant monitoring of the access to the personal data and the applicable user which gained login access.
Data Access Control
Linkury implements restrictions in place in order to ensure that the access to the Personal Data is restricted to employees which have a requirement to access it, all in order to ensure that Personal Data shall not be accessed, modified, copied, used, transferred or deleted without specific authorization. The access to the Personal Data, as well as any action performed involving the use of the Personal Data requires a password and user name, which is routinely changed, as well as blocked when applicable. The user password is fully encrypted. Each employee is able to perform actions solely according to the permissions determined by the Company. Each access is logged and monitored, and any unauthorized access is automatically reported. Further, Linkury has ongoing review of which employees' have authorizations, to assess whether access is still required. Company revokes access immediately upon termination of employment.
Organizational and Operational Security
Linkury invests a multitude of efforts and resources in order to ensure all of the Company's employees comply with the Company's security practices, as well as continuously provides employees training. The Company strives to raise awareness to the risk involved in the processing of Personal Data. In addition, Linkury implemented applicable safeguards for its hardware and software, including firewalls and anti-virus software on applicable Company devices, in order to protect against malicious software.
The Company does not transfer any Personal Data outside of the Company's cloud servers. All transfer of Personal Data between the client side and the Company's servers is protected using encryption safeguards such as L2TP, IPsec (or equivalent protection), as well as encryption of the Personal Data prior to the transfer of any Personal Data. Linkury's servers are protected by industry best standards.
The Company's servers include an automated backup procedure. The Company has a backup concept which includes automated daily backups. Periodical checks are preformed to determine that the backup have occurred.
Personal Data and raw data are all deleted automatically as soon as such data and Personal Data is no longer required in order for Linkury to provide its Services, all in accordance with applicable laws.
Linkury's employees are required to sign on applicable provisions binding them to comply with applicable data security practices and confidentiality. Further, employees undergo a screening process applicable per regional law. In the event of a breach of an employee's obligation or noncompliance with Linkury's policies, applicable disciplinary actions including termination when needed. In addition, prior to Linkury's engagement with third party contractors, Linkury is giving significant weight to diligence considerations, with particular regard to data security. The third-party contractor's authorized actions with respect to its access to Personal Data are explicitly detailed, as well as the destruction of Personal Data following termination of the engagement. In addition, Linkury's partners are being signed on an applicable Data Processing Agreement.
THIS SECURITY POLICY IS AN OVERVIEW OF LINKURY SECURITY PRACTICES AND MIGHT BE UPDATED FROM TIME TO TIME, ACCORDING TO ANY APPLICABLE LEGISLATION OR INTERNAL POLICIES.