Protection
Written by Adam Żołądź
Updated over 6 months ago

We have implemented technical and organizational measures that ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.

Organizational measures

1. A Data Protection Inspector has been appointed in the Company.

2. Every person with access to data has been familiarized with the principles of secure data processing.

3. Initial and periodic training is conducted for persons authorized to process personal data.

4. Only authorized persons have access to computers and systems where personal data are processed.

5. Access to personal data processed in the Company is limited to persons who have been authorized to process it, to the appropriate extent.

6. Access by authorized persons is on a need-to-know basis.

7. Persons with access to personal data are obliged to keep the personal data, and information on how it is secured, confidential.

8. The obligation to keep personal data and the methods of securing it confidential is established through written statements received from persons authorized to process personal data.

9. A register is kept of persons authorized to process personal data.

10. Documentation is kept including the Data Protection Policy with annexes.

11. Periodic audits of the Company's actual status in the area of personal data protection are carried out.

12. An incident response procedure has been introduced.

13. The Data Protection Policy is periodically updated.

Technical and logical protection measures

1. Backups are made.

2. The backup media are located in a room other than the server room.

3. The servers are secured by a firewall, UPS devices, a power generator, a separate power grid and redundant power connections from two different circuits, protecting the IT system used to process personal data against the effects of power failure.

4. Access to data processed in the Company in IT systems and servers is possible only after authentication (providing an ID and password).

5. Logs from the operation of applications and operating systems are monitored periodically.

6. Resources processed on servers are available only to authorized employees, depending on their authorizations.

7. Applications that make up the IT system require authentication by entering a login and a password of at least 8 characters, containing at least one lowercase letter, one uppercase letter, and a number or special character.

8. The password is changed at least every 30 days.

9. All computers are equipped with antivirus, antispam and firewall programs.

10. Cryptographic data protection measures are in place on all portable computers.

11. WPA2 or WPA2 Enterprise security is used for the corporate WiFi network.

12. Data transferred to the Company via the Company's websites is encrypted in transit (logging in to the website takes place over the secure HTTPS protocol).

13. Access to the network is secured by a firewall system.

14. Screen savers have been installed at workstations where personal data are processed.

15. A mechanism is used to automatically block access to the IT system used to process personal data in the event of a longer period of user inactivity.

16. Computer monitors on which personal data are processed are set in a way that prevents unauthorized persons from viewing the processed data.

17. Passwords used for authentication are secured with a dedicated encryption program.

18. Measures have been taken to prevent unauthorized copies of personal data processed using IT systems.

Physical protective equipment (office)

1. The building has physical security (8:00 a.m. - 6:00 p.m.) and video monitoring.

2. The keys to the Company's office are held by selected employees of the Company, which is recorded in the appropriate register.

3. Paper documentation is stored locked, in cabinets equipped with security codes or working locks.

4. Users are provided with shredders for the mechanical removal of personal data.

Physical protection measures - server room

1. Only authorized persons have access to the server room.

2. Access to the server room is secured with reinforced doors.

3. The server room is equipped with an anti-burglary system and air conditioning.

4. The building has 24-hour physical security and video monitoring.

5. The server room is a separate fire zone, equipped with a permanent fire extinguishing device using FM200 gas.
