Access to all data processing systems is solely via Company’s user authentication systems. only a portion of specific personnel has access to systems. All access to Company’s systems admin network is available solely from the office going through a private, dark fibre, link to the data centre. Systems are not accessible from the internet. All access to Company’s systems admin network is encrypted by VPN and TLS 1.2. authentication is multifactor. Authentication to each system is through a user-password, unique to each employee or personnel and from a different domain controller dedicated to such environment. Intracellular has implemented extreme measures to ensure the Personal Data is protected.
The access to the Personal Data is restricted to solely the employees that are required to receive access. Employees are educated and tested with regards to security of the Personal Data. The database is solely accessible to Database administrators and senior developers.
All Company systems are in a cage located in a colocation. To enter into the colocation, biometric (fingerprint) is required along with access card. Once entered the 24/7 security operator personnel has to verify the identity of the individual and log the entry and exit. Once within the Company, a key is required to open the cage padlock. All doors and corridors are under video surveillance. All video footage surveillance if stored by the Company for a period of a minimum of three months.
The goal of transfer control is to ensure that Personal Data cannot be read, copied, modified or removed by unauthorized parties during the electronic transmission of data or during their transport in motion, to the applicable data center. Customer data is not transferred anywhere other than Company’s database. Backup is sent offsite through private link. Offsite backup area is protected by access card for physical access. Transmission of data during backups is encrypted. Encrypted files over SFTP. IPNs over TLS 1.2 and tokenized API access.
The Company holds a disaster recovery site, located at another geographic location and is ready to continue operation in the event of system failure or security breach. Company database backup which is sent offsite is transferred solely through a private link. Offsite backup area is protected by access card for physical access. Transmission of data during backups is encrypted as indicated within the transfer control clause. All test environments do not process or use real data.
Personal Data as well as raw data are deleted as soon as possible or as soon as legally required.
Employees and data processors are all signed on applicable and binding agreements all of which include applicable data provisions and data security obligations. Further, as part of the employment process, employees undergo a screening process applicable per regional law. Employees are bound to follow the Company’s policies and procedures and violations shall result in disciplinary actions up to and including termination of employment. An employee will not gain access to the Personal Data until the Company has trust that the employee is well educated and responsible to handle the Personal Data, if needed, in a secure manner. In addition, the Company hold annual compliance training which include data security education. Company has ensured all documents, including without limitations, agreements, privacy policies online terms, etc. are compliant with the GDPR. Our Legal team is busy ensuring our legal documentation is updated to reflect any changes and to include the mandatory Processor provisions required by Article 28 of the GDPR. THE INFORMATION SECURITY, LEGAL, PRIVACY AND COMPLIANCE DEPARTMENTS WORK TO IDENTIFY REGIONAL LAWS, REGULATIONS APPLICABLE TO COMPANY’S COMPLIANCE. THEREFORE, THIS SECURITY POLICY MAY BE UPDATED FROM TIME TO TIME, ACCORDING TO ANY APPLICABLE LEGISLATION OR INTERNAL POLICIES.
email us directly at: firstname.lastname@example.org
Phone:35 62 776 1407
Intracellular Limited | 25, Tigne Street, Sliema SLM 3174, Malta