Last updated April 19, 2018

Security policy

Introduction

The security of your personal data and non-personal data is important to UAB Syno International and its subsidiaries (hereinafter – “SynoInt”). In addition to our company policies, your personal data is protected by the EU General Data Protection Regulation (GDPR), the Republic of Lithuania Law on Legal Protection of Personal Data and other applicable international and local legal acts.

SynoInt ensures that appropriate organizational and technical measures are implemented to protect personal and non-personal data from accidental or unlawful destruction, alteration or disclosure, as well as from any other kind of unlawful processing. These measures ensure a level of security appropriate to the type of data and the risk of processing.

Also, we appreciate your confidence in us and we are committed to protecting and managing your personal and non-personal data responsibly. We provide a list of main security measures publicly. Below is information about how we protect your data and information when services are provided.

 

Reliability of employees and access control

Before recruiting, SynoInt verifies that candidates have not previously been penalized for offenses relating to data protection, information security, or confidential and commercial secrets.

All SynoInt employees are of impeccable reputation.

The main requirements for employees are to ensure the quality, timeliness, transparency and objectivity of the services provided.

Employees’ access to personal and non-personal data is provided through a special system called “System access management”. Employee groups are granted different access rights. Access rights to personal data are reviewed on an ongoing basis.

Employees are also trained in information security, in working with the software, and in working with personal data. At least once every half year, employees receive special training on personal data protection and information security.

All employees’ actions with personal data are reviewed from time to time using the “log files” of the information systems and databases.

All employees strictly adhere to all applicable statutory requirements.

Furthermore, SynoInt communicates its information security policies to all personnel and requires new employees to sign non-disclosure and confidentiality agreements.

Physical security

All SynoInt premises provide the highest level of security.

The following security features are available on all premises of the SynoInt:

  • Premises are locked;
  • Monitoring (CCTV), alarm and door access control (ID cards) systems are installed;
  • All other visitors to offices are required to sign;
  • All premises are equipped with fire extinguishers and smoke and heat detectors;
  • All premises have an air conditioning system;
  • The air conditioning system is maintained according to the recommendations and requirements of the manufacturer;
  • A business continuity plan is prepared in case of a natural disaster;
  • All important documents are stored in safes or in lockable cabinets;
  • We also have premises insurance, warranties and other agreements.

Servers and backups

All information and data are stored on servers and systems located in the European Union. We use third-party servers provided by “Amazon”. All servers are licensed.

Please note that “Amazon” represents, warrants and covenants to SynoInt that, according to “Amazon” policies, security is their highest priority and that they comply with all applicable international laws and rules for personal and non-personal data protection and information security.

For data recovery we would use automatic database snapshots provided by “Amazon”. The recovery process is simple and easily testable. We have backups of all data from our customers, not just of critical systems.

Network security

SynoInt ensures that systems, applications, network components and other computing devices are protected from malicious activity by implementing appropriate controls such as anti-virus, firewalls, and intrusion prevention systems.

All data is stored in the Virtual Private Cloud (VPC) in “Amazon”. All data in the databases is encrypted. Access to this data is only available via a secure VPN connection or via an encrypted connection using our web applications.

All computers in the office are set up to receive updates automatically. Updates for servers are provided by “Amazon”. Minor updates are applied automatically; major updates are applied during planned maintenance windows in a rolling update fashion, avoiding downtime. The latest security patches are applied to all operating systems, applications, and network infrastructure to mitigate exposure to vulnerabilities.

Penetration testing: we sometimes plan to use external organizations to perform penetration tests.

Software development practices

Our development team employs secure coding techniques and best practices.

Development, testing, and production environments are separated.

All changes are peer reviewed and logged for performance, audit, and forensic purposes prior to deployment into the production environment.

Furthermore, SynoInt developers work with PHP, Symfony, MySQL, etc. and the latest compiler toolset, use manual code review, minimize the use of unsafe functions, eliminate weak cryptography, etc.

Password policy

SynoInt ensures password protection. The main requirements and SynoInt's position are:

  • All passwords are classified as confidential information;
  • Passwords must not be transferred or shared with others unless authorized to do so;
  • Passwords must be changed if they have been used or obtained, or are suspected to have been obtained, by anyone other than the account owner;
  • Individual user passwords must not be written down, inserted into e-mail messages or other forms of electronic communications or stored in a file or computer system unless adequately secured;
  • Passwords must have at least 8 (eight) characters;
  • Passwords cannot contain the user name or parts of the user’s full name, such as the first name;
  • Passwords must use at least 3 (three) of the 4 (four) available character types: lowercase letters, uppercase letters, numbers, and symbols;
  • If SynoInt and/or You suspect that a password has been compromised, it should be changed immediately and the incident reported to data.protection@synoint.com.

Third parties

SynoInt cannot disclose the personal data it receives to third parties except in cases provided for by law.

For a variety of data processing operations, SynoInt can use data processors' services. All processors must comply with the highest security requirements. All processors are verified, and SynoInt has the right to audit how data processors implement and maintain the requirements of personal data and information security.

Handling of security breaches

SynoInt is responsible for confidentiality and security from the moment the personal data is received. Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot always guarantee absolute security. However, if a threat has been identified or justifiable suspicions arise, SynoInt informs You of the event. Our breach notification procedures are consistent with our obligations under various state and federal laws and regulations, as well as any industry rules or standards that we adhere to.

SynoInt reserves the right to inform and notify law enforcement authorities about security breaches.

Please note that SynoInt has not had any security breach.

Documentation

SynoInt has developed all security and privacy documentation. The following main documents have been prepared:

  • External Privacy Policy, view here;
  • Internal Privacy Policy;
  • Cookie Policy, view here;
  • Quality Documentation, view here;
  • Internal Information Security Policy;
  • Documents assigning the Data Protection Officers (DPO) and the Information Security and Cyber Security Officer (ISCSO), view here and here;
  • Other SynoInt internal and external documents.

Your responsibilities and your rights under this policy

Keeping your data secure also requires that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems.

If you are interested in a deeper discussion about our Security Policy, or should you have any queries regarding the above policy, please email us at data.protection@synoint.com or write to UAB Syno International (for data protection), Vilniaus street 35, Vilnius, 01119, Lithuania.

Policy changes

Any changes to this Security Policy will be posted on this website and take effect immediately.

This Cookie Policy is also used by the following sites:

Note:

The main and always updated version of this Security Policy is posted on www.synoint.com.

This Policy was last updated on April 16th, 2018.

Miscellaneous

This Security Policy is governed by the law of the Republic of Lithuania.

Any dispute, controversy, disagreement or claim arising out of or in connection with the Security Policy, as well as issues of the violation, termination or validity / invalidity hereof shall be settled by mutual negotiations.
