Global Data Policy - www.worlddata.today

GENERAL:
Global Data Policy has an active information security policy. A coordinator for information security has been appointed to identify risks related to the processing of personal data, stimulate security awareness, monitor facilities, and take measures to comply with the information security policy. Information security incidents are documented and used to optimize the information security policy. Global Data Policy has established a process for communicating information security incidents.

DESCRIPTION OF THE MEASURES TO ENSURE THAT ONLY AUTHORIZED PERSONNEL HAVE ACCESS TO THE PROCESSING OF PERSONAL DATA.
Global Data Policy uses an authorization policy to determine who should have access to which data. Employees do not have access to more data than is strictly necessary for their job.

Customer service employees have access to relevant customer information solely for the performance of their tasks. Customer service does not have access to source data and/or personal data.
Administrative employees perform actions to maintain a proper administration only within the framework of the solutions and services provided by Global Data Policy and/or to support the end user.
IT database administrators have access to databases. The actions of IT database administrators are focused on continuity and optimization of ICT systems.
Sales and account management have access to customer data for the adequate performance of their duties. The data stored in the customer information system are obtained from the customer.

DESCRIPTION OF THE MEASURES TO PROTECT PERSONAL DATA AGAINST ACCIDENTAL OR UNLAWFUL DESTRUCTION, ACCIDENTAL LOSS OR ALTERATION, UNAUTHORIZED OR UNLAWFUL STORAGE, PROCESSING, ACCESS OR DISCLOSURE.
Employees of Global Data Policy are required to sign confidentiality agreements and make information security agreements. Global Data Policy promotes awareness, education, and training in information security. Employees of Global Data Policy do not have access to more data than is strictly necessary for their job.
Personal data is only processed in a closed, physically secured environment protected against external threats. Personal data is only processed on equipment that has been physically secured and ensured the continuity of the service. Backups are made periodically for the continuity of the service. These backups are treated confidentially and stored in a closed environment. Locations where data is processed are periodically tested, maintained, and evaluated for security risks. Global Data Policy has business continuity plans that include backup locations.

The network environment in which data is processed is strictly secured. Traffic flows are separated, and measures have been implemented to prevent abuse and attacks. The environment in which personal data is processed is monitored. Changes in applications are tested for vulnerabilities before being put into production. The latest (security) patches are installed on systems periodically based on patch management. Data processed within applications are classified by risks. Penetration tests and vulnerability assessments are periodically performed. Personal data that is no longer used is permanently deleted. Encrypted connections are used for login processes. The exchange of personal data with third parties is encrypted.

DESCRIPTION OF THE MEASURES TO IDENTIFY WEAKNESSES REGARDING THE PROCESSING OF PERSONAL DATA IN THE SYSTEMS USED TO PROVIDE SERVICES TO THIRD PARTIES.
Global Data Policy's systems are checked annually for security. In addition, the security policy of Global Data Policy provides for internal processes to identify vulnerabilities.
Reporting:
Global Data Policy as a Processor continually updates this information and informs users of changes to the measures taken to protect personal data against abuse via the Global Data Policy websites.

How monitoring and identification of Data Leaks take place:
Global Data Policy monitors its service 24/7 and has taken measures to prevent and identify unauthorized or unlawful access to data. Signals indicating a data leak are evaluated by the security officer of Global Data Policy.