Security of your data
- Cervino MC BV tools use official API's (Application Programming Interfaces) for accessing data.
- Data transfers are done using encrypted connections.
- For logging into official API's, our tools use the OAuth 2.0 authorization protocol if available.
- We warrant that the Technical and Organizational Measures will be:
- Adequate, taken into account the state of technology, the nature of the Personal Data and the specific risks to which the Personal Data is exposed; and
- Determined and applied in such a way that the we act in compliance with the Data Protection Laws
A description of technical and organizational measures
- All employees (both internal and external) have a signed confidentiality agreement.
- Employees agree to act in accordance with our security policies.
- Employees are authorized to only access data strictly necessary for their function.
Logical user access
- Access rights to systems are clearly defined and controls are in place to ensure that the security and integrity of the information is maintained.
- Periodic access review is implemented for both logical (network) access and physical (facilities) access.
Network-, server- and application security and maintenance
- The network environment in which data is processed is strictly protected. Measure against abuse and attacks are implemented.
- The environment in which personal data is processed is monitored.
- Changes in applications are tested for vulnerabilities before migration into the production environment.
- A patch management process is in place, periodically the last (security) patches are installed on systems.
- Access to the system is logged and monitored, including monitoring of possible unauthorized access to personal data.
- Passwords and other sensitive personal data are stored encrypted.
- Encrypted connections are used at the logon process.
- The exchange of personal data is encrypted.
- The exchange of personal data with third parties on behalf of the Client is also encrypted.
- Developments/changes in the service are tested/reviewed before put in production.
- The Data Processor uses Sub Processor Strato for server hosting. Strato Data Centres are ISO 27001 certified (https://www.strato.nl/veiligheid/).
Revoking accessing data
You can always revoke Cervino MC BV’s right to access your data at any point either by sending an e-mail to our support team (support.cervinodata.com) or by revoking access rights within the specific sources. If you need any assistance, please contact support (support.cervinodata.com). Revoking access will reduce the usability of our services.
- Exchange of information may take place by way of the following methods
- In writing (on paper or digitally)
- By delivery on electronic and/or optic information carrier
- By providing access to information on data storage facilities or online platforms, like databases, analytics software, advertising platforms, e-commerce systems, etc.
- By ways of speech, visual presentations or demo’s.
- Cervino MC B.V. will keep all information strictly confidential and will take necessary precautions to safeguard the privacy and security of the confidential information.
- Cervino MC B.V. will not share confidential information with third parties, unless specifically requested by or agreed with the information supplying party.
- Confidential information will be destroyed or returned as soon as possible after request from the information supplying party.
- Cervino MC B.V. considers all information as confidential unless one or more of the following applies:
- Data that is or has been available in the public domain. Nevertheless, should any of your end users or clients ask you to delete public data that we have stored on your behalf, please let us know.
- Aggregated data that can’t be linked, directly or indirectly, to an individual organization or person. Examples of aggregated data are calculated industry benchmarks, forecasts, trends and other ways of aggregation.
- General ideas, general concepts, general knowledge or generic techniques.
- Cervino MC B.V. can never be held responsible for conclusions, interpretations, action undertaken based upon our services.
- Cervino MC B.V. uses third party software for part of its operation and services and can not be held responsible nor accountable for interruptions, errors or otherwise malfunctioning of third party software, even when this interrupts Cervino MC B.V.’s services.
- For some users, a Service Level Agreement applies. In that case, that Service Level Agreement will prevail.
- This Agreement shall be governed by, and construed in accordance with, the laws of The Netherlands.
- Any dispute arising out of or in connection with this Data Processing Agreement will be settled by the competent court in Amsterdam.
- No term of this Data Processing Agreement shall be amended or modified, unless such amendments or modifications are made in writing with express reference to this Data Processing Agreement and signed by both parties.