Last uploaded: 19 April 2020
This Information Security Policy (“Information Security Policy”) describes the measures which Exposebox Ltd. (“Exposebox”, “We”, “Our” or “Us”) uses in order to secure and protect Personal Data (as defined under applicable data protection laws).
This Information Security Policy establish a general approach to information security and outlines Exposebox`s security, technical and organizational measures.
Employees Control
All of the employees of Exposebox are required to execute an employment agreement which includes confidentiality provisions and applicable data security practices. Respective local security procedures are established for the employees, failure to adhere with the procedures may result in disciplinary action.
Physical Access Control
We ensure protection of the physical access to the data servers which store the Personal Data for Exposebox. The data processed by Exposebox are stored in the Google Cloud, which its security measure can be found here and Amazon Web Services (AWS) US data servers, which its security measure can be found here. Further, we secure the physical access to Our office premises to ensure that only authorized persons and employees can assess the company premises. We also use security measures such as security locks, security cameras, guards.
Technical Security and Data Access Control
Access to Exposebox`s database is highly restricted in order to ensure that solely the appropriate personnel can access Our database. Safeguards related to remote access and wireless computing capabilities are implemented.
There are restrictions in place in order to ensure that the Personal Data is available solely to the personnel who have permission to access it via user authentication measures. The access to the Personal Data, as well as any action, performed involving the use of the Personal Data requires a password and user name, which is routinely changed, as well as blocked when applicable. Further, Exposebox has an ongoing review of personnel who have such authorizations to access Personal Data, in order to assess whether access is still required. The Company revokes access immediately upon termination of engagement.
Exposebox implemented applicable safeguards for it`s hardware and software, including firewalls, anti-virus software in order to protect against malicious software.
Availability Control, Data Retention
Exposebox maintains backup policies and measures. We also conduct regular controls of the condition and labelling of data storage devices for data security.
Personal Data is retained for as long as needed to provide the services as required under applicable laws.
