Signaturit complies with all its obligations under the GDPR. First of all, towards its clients, Signaturit acts as data processor, assuming the corresponding obligations, based on the provisions of Article 28 of the GDPR. As data processor, Signaturit carries out processing on behalf of the data controller, who will determine the specific processing that Signaturit is allowed to carry out on the personal data.
In order to duly perform its role as data processor, Signaturit has implemented several security measures aimed at ensuring the proper treatment of data. Some of the measures taken by Signaturit are the following:
- It has a system for assigning usernames and passwords to its personnel, both for its own systems and for third-party systems, in which access is limited according to user profiles and each person is assigned a personalized username and password that expire at least once a year.
- It has informed its personnel of the rights and duties that correspond to them regarding the processing of data of third parties.
- It has an updated list of the profiles and permissions of its users, both for its own systems and for those of third parties.
- It has a system for registering incidents, as well as a protocol to follow in case of an internal incident and for communication to the Data Controller, Users or the supervisory authority.
- It adopts appropriate measures for the transfer of media, its own or those of third parties, if any.
- It has identification systems for the media it works with.
- It has a process for making backup copies of its systems on a daily basis.
- It has a data recovery process, as part of its Business Continuity and Disaster Recovery Policy.
- It has appointed a Data Protection Officer, who can be contacted at the following address: firstname.lastname@example.org.
- It has conducted or conducts audits every two years in the field of data protection.
- It has a system for registering entries and exits of media that may contain special categories of data, which complies with the parameters of the law.
- It has limited unauthorized access to its computer systems by establishing secure areas, with access limited to trusted personnel only, both physically and logically.
- Its incident process and incident record also allow the data recovery process to be recorded, in accordance with the parameters of the regulations.
- It has an Information Security Management System certified under the ISO 27001 standard by AENOR INTERNACIONAL, S.A.U.