Data Security Statement
Arkitec Software handles sensitive and personal information daily. We have adequate safeguards in place to protect our staff, to protect customer privacy, to ensure compliance with various regulations and to guard the future of the Organisation.
Sensitive information may include:
- Personal information
  - Name and personal address
  - Email address
  - Date of Birth
  - Payment card details
  - Passport or Social Security numbers
- Business information
  - Trade secrets
  - Acquisition plans
  - Financial data
  - Supplier and customer information
- Classified information
  - Restricted according to level of sensitivity (restricted, confidential, secret and top secret)
Arkitec Software commits to respecting the privacy of all its customers and to protecting any data about customers from outside parties. To this end management is committed to maintaining a secure environment in which to process information so that these promises can be met.
We must process personal data fairly and lawfully in accordance with individuals’ rights. This generally means that we should not process personal data unless the individual whose details we are processing has provided consent.
Compliance
This policy sets out how we seek to protect personal data and ensure that staff understand the rules governing their use of personal and sensitive data to which they have access as part of their work. We each have a responsibility for ensuring our company’s systems and data are protected from unauthorised access and improper use. If you are unclear about any of the policies detailed herein you should seek advice and guidance from senior management.
Employees handling sensitive data should adhere to the following:
- Obtain written permission from the controller before engaging a subcontractor, and assume full liability for failures of subcontractors to meet the GDPR;
- Handle company and personal information in a manner that fits with their sensitivity;
- Limit personal use of the company information and telecommunication systems and ensure it doesn’t interfere with your job performance;
- The company reserves the right to monitor, access, review, audit, copy, store, or delete any electronic communications, equipment, systems and network traffic for any purpose;
- Do not disclose personnel information unless authorised;
- Protect sensitive cardholder information;
- Only process personal data on instructions from the controller, and inform the controller if it believes said instruction infringes on the GDPR;
- Take reasonable steps to secure data, such as encryption, stability and uptime, backup and disaster recovery, and regular security testing;
- Keep passwords and accounts secure;
- Request approval from management prior to establishing any new software or hardware, third party connections, etc.;
- Do not install unauthorised software or hardware, including modems and wireless access unless you have explicit management approval;
- Always leave desks clear of sensitive data and lock computer screens when unattended;
- Report information regarding security incidents and data breaches without delay to the relevant personnel and the individual responsible for incident response (please refer to the Security Incident Response Policy);
- Upon request, delete or return all personal data to the controller at the end of service contract;
- Enable and contribute to compliance audits conducted by the controller or a representative of the controller;
- Maintain records if Arkitec Software processes data that is "likely to result in a risk to the rights and freedoms of data subjects".
Management Responsibilities
- Ensure all systems, services, software and equipment meet acceptable security standards
- Check and scan security hardware and software regularly to ensure it is functioning properly
- Research third-party services, such as cloud services, the company is considering using to store or process data
Non-compliance
- The importance of this policy means that failure to comply with any requirement may lead to disciplinary action under our procedures, which may result in dismissal.