Start for free
Home / Legal documents / Data Security

Data Security

Table of contents:

1. Introduction

SELZY (hereinafter referred to as “the Company” or Selzy”) is committed to upholding the highest standards of data security and privacy protection. This document outlines the comprehensive measures implemented by the Company to safeguard client data and maintain compliance with applicable regulations.

2. Data Protection and Security Measures

2.1 Infrastructure Security

2.1.1 Data Center Facilities

The Company utilizes state-of-the-art data centers operated by  Amazon AWS, (TET) Lattelecom and Hetzner, which adhere to stringent security protocols, including but not limited to:

  • ISO 27001 certification
  • Continuous monitoring and surveillance (24 hours per day, 7 days per week, 365 days per year)
  • Biometric access controls and security mantraps
  • Redundant power supply and cooling systems to ensure uninterrupted service
  • Environmental controls, including fire suppression systems and temperature regulation
  • Regular third-party audits of physical security measures

2.1.2 Network Security Protocols

The Company employs a multi-tiered approach to network security, encompassing:

  • Advanced firewalls and switches at all data transition points
  • Data encryption in transit (2048-bit TLS 1.2 or higher) and at rest (AES-256)
  • Robust Distributed Denial of Service (DDoS) mitigation strategies
  • Regular network vulnerability scans and penetration testing
  • Intrusion Detection and Prevention Systems (IDS/IPS)
  • Virtual Private Network (VPN) for secure remote access

2.2 Application Security

2.2.1 Secure Development Lifecycle

Selzy integrates security measures throughout the software development process, including:

  • Mandatory peer code reviews and automated security assessments
  • Continuous integration and deployment pipelines with security vulnerability testing
  • Regular third-party penetration testing to identify and remediate potential vulnerabilities
  • Secure coding practices training for all developers
  • Use of static and dynamic application security testing tools
  • Regular security audits of third-party libraries and dependencies

2.2.2 Authentication and Access Control Mechanisms

To ensure authorized access to data, Selzy implements:

  • Role-Based Access Control (RBAC) to enforce the principle of least privilege
  • Single Sign-On (SSO) compatibility with major identity providers

3. Operational Security

3.1 Monitoring and Incident Response

Selzy maintains vigilant oversight of its systems through:

  • A dedicated 24/7 Security Operations Center (SOC)
  • Comprehensive logging and monitoring of all system activities
  • A detailed incident response plan with predefined procedures for various security scenarios
  • Regular incident response drills and tabletop exercises
  • Automated alerting systems for anomalous activities
  • Forensic analysis capabilities for thorough incident investigation

3.2 Employee Training and Security Awareness

The Company fosters a culture of security awareness through:

  • Regular security best practices and social engineering threat training for all employees
  • Periodic phishing simulation exercises
  • Thorough background checks for all new hires
  • Clear communication of security policies and procedures to all employees
  • Disciplinary measures for non-compliance with security policies

3.3 Data Backup and Recovery

To ensure data integrity and availability, Selzy implements:

  • Regular automated backups of all critical data
  • Geographically dispersed backup storage locations
  • Retention policies aligned with legal and regulatory requirements
  • Business continuity and disaster recovery plans

4. Privacy and GDPR Compliance

As an EU-based entity, Selzy strictly adheres to the General Data Protection Regulation (GDPR), including:

  • Implementation of Privacy by Design principles in product development
  • Regular reviews and updates of customer and vendor agreements to meet GDPR requirements
  • Establishment of a cross-departmental GDPR working group
  • Ongoing product and process innovation to support GDPR compliance
  • Implemented procedures for detecting, reporting, and investigating personal data breaches
  • Appointment of a Data Protection Officer (DPO)
  • Maintenance of Records of Processing Activities (RoPA)
  • Conducting Data Protection Impact Assessments (DPIA) when necessary
  • Providing mechanisms for data subjects to exercise their rights under GDPR

More information about our privacy compliance can be found at: https://selzy.com/en/legal/gdpr/

5. Continuous Improvement

Selzy is committed to continuously improving its security and privacy measures through:

  • Regular reviews and updates of this policy
  • Staying informed about emerging threats and best practices in cybersecurity
  • Soliciting feedback from clients and employees on security and privacy matters

6. Disclaimer

This document serves as a general overview of the Company’s security and privacy measures. Selzy reserves the right to modify these practices as necessary to maintain the highest levels of data protection. Clients are encouraged to consult with their legal counsel to determine the applicability of these measures to their specific circumstances.