Security Policy

We value the safety of our users

 

We constantly strive to ensure the confidentiality and security of your personal data.

The legality, transparency and fairness of any processing operation is a priority for us, so we invite you to read our security policy fully and carefully.

We use reasonable and appropriate physical, technical, and administrative industry safeguards to protect information from unauthorized access, use, loss, misuse or unauthorized alteration.

We prevent unauthorized access to your account and information:

By choosing a strong and unique password, which is stored in a password manager, and by changing our password regularly;


We set the appropriate passwords as follows: 

    • a password must not be predictable or contain words from the dictionary;

    • a password must be at least 8 characters long for laptops, computers, notebooks, and at least 6 characters for mobile devices, such as tablets and mobile phones; 

    • a password must contain a mix of alphabetic characters, both uppercase and lowercase (example: a; C; d; e, etc.), and non-alphabetic characters (!, #, $, %, 6, 8, etc.);

    • a password must contain a mix of at least two types of non-alphabetic characters; 

    • a password must not contain parts of the name, surname, e-mail address, user number; 

    • a password must be changed at regular intervals, namely at intervals of no more than 90 calendar days;

    • a password must not be one used in a private setting, that is, outside the work environment within your company;

Examples of appropriate passwords in terms of complexity: AS178dr! or 17 # * AMsl!

Note: for locking and unlocking mobile devices, such as tablets and mobile phones, the use of biometric solutions is accepted (example: using the fingerprint reader). 

Communication to third parties of passwords used to secure workstations is strictly prohibited.



By using and updating firewall programs;


The workstations used have personal firewalls activated, that is, activated at the level of each workstation after consulting an IT specialist.

The routers used also have firewalls enabled (in the main network, the one that hosts the files with personal data; activated and set for periodic updates). 

It is strictly forbidden to deactivate this functionality of the operating system. 

It is strictly forbidden to change the settings of this functionality, especially settings that disrupt:

    • Detecting networks that should be treated as unknown; 

    • Alerting users about programs that require access to the Internet; 

    • Blocking unauthorized access. 

It is forbidden to use personal workstations without activating the personal firewall if the activity involves the processing of personal data.

 

By using and updating antivirus programs;


We install licensed anti-malware programs on workstations for added protection. Each employee is obliged not to change the settings of the anti-malware program, especially settings that affect the following functions:

    • Blocking and detecting malware; 

    • Performing periodic scans in order to identify possible malware;

    • Updating the signatures used to identify malware;

    • Updating the anti-malware product.

Note: if employees use personal workstations without activating the personal firewall and the activity involves the processing of personal data, the employee will contact an IT specialist.

 

Using only the company’s internet network


In particular, it is forbidden to use public Internet networks that do not have adequate security features, such as requiring a password to connect to the Internet, if the equipment is used for the performance of duties.

The installation of add-on programs at the level of the internet browser is strictly forbidden. 

For the software programs used to carry out the activity, and especially to process personal data, it is forbidden to save the username and password in the internet browser.

In addition, when using web applications, that is, applications that require an internet connection, the log-off function, that is, logging out, will always be used when you stop using the application.

Communicating the access password for the internet infrastructure within the company (example: wireless routers that offer internet connectivity) is strictly forbidden.

 

We protect confidential information


Confidential information includes both information about appreciate-me's business and information about the company's customers and employees. 

In order to protect confidential information, the following measures will be applied: 

    • Access to the information is made in an authorized manner, that is, by using a username and a password;

    • Confidential information will be transported, that is, sent and/or transferred, only in an encrypted manner;

    • The storage of confidential information on external storage media, namely USB sticks and external hard disks, will be done only in an encrypted manner;

    • Confidential information will be destroyed, if it is no longer needed, in a secure way that does not allow its reproduction and always based on internal documents approved by management.

 

We do not share data


It is forbidden to install peer-to-peer programs on workstations owned by appreciate-me, that is, programs that allow files to be accessed by external users or shared with external users.

 

Employees use only the email addresses provided by appreciate-me



The use of the e-mail address provided by the company is allowed only in order to perform job duties. Subscribing to newsletters is allowed only to the extent that it is justified by the performance of certain tasks. These provisions do not apply to employees who use personal e-mail addresses in order to carry out the activity.

Employees must act responsibly with regard to IT security, and any attempted attack through social engineering methods (e.g. phishing) that they identify will be reported to management.

If a suspicious request for a significant amount of personal data is identified, including a request that appears to come from within the company (for example, a request for personal data coming from the company's management), the legitimacy of the request will be verified within the company before any personal data is made available.

The @appreciate-me.com e-mail addresses will not be used to create accounts on web pages or web applications that are not related to the activity within the company.

 

Modification of the Security Policy 

If a change to the present security rules is required, appreciate-me will publish those changes to ensure accurate and complete information about the security of the data collected and the use of such data.

 

 

Version published on November 20th, 2020

 

2020 © APPRECIATE-ME.COM SRL
