The security of your personal data and non-personal data is important to UAB Syno International and its subsidiaries (hereinafter – “SynoInt”). In addition to our company policies, your personal data is protected by the EU General Data Protection Regulation (GDPR), the Republic of Lithuania Law on Legal Protection of Personal Data and other applicable international and local legal acts.
SynoInt is ensured that appropriate organizational and technical measures are implemented in order to protect personal and non-personal data from random or unlawful destruction, changing or disclosure as well as from any other kind of unlawful processing. By these measures are ensured such security level which would be appropriate for the type of data and the risk of processing.
Also, we appreciate your confidence in us and we are committed to protecting and managing your personal and non-personal data responsibly. We provide a list of main security measures publicly. Below is information about how we protect your data and information when services are provided.
Reliability of employees and access control
Before recruiting, the SynoInt investigates that candidates were not punished in the past for offenses of data protection, information security, confidential and commercial secrets.
All employees of the SynoInt are of impeccable reputation.
The main requirements of the employees are to ensure the quality, timeliness, transparency and objectivity of the provided services.
Employees’ access to personal and non-personal data is provided through a special system that is called “System access management”. Employees groups are granted different access rights. Access rights to personal data are reviewed on an ongoing basis.
Also, employees are educated about the information security, working with the software, to work with personal data. At least once in half a year, employees are provided special trainings on personal data protection and information security.
All employees’ actions with personal data are reviewed from time to time using the “log files” of the information systems and databases.
All employees strictly adhere to all applicable statutory requirements.
Furthermore, SynoInt communicates its information security policies to all personnel, requires new employees to sign non-disclosure and confidential agreements.
All the premises of the SynoInt provides the highest level of security.
The following security features are available on all premises of the SynoInt:
Servers and backups
All information and data are stored on servers and systems located in the European Union. We use third-party servers “Amazon”. All servers are licensed.
We have to inform, that “Amazon” represents, warrants and covenants to the SynoInt that according to “Amazon” policies, security is the highest their priority and they comply all applicable international laws and rules for personal and non-personal data protection and information security.
For data recovery we would use automatic database snapshots provided by “Amazon”. Recovery process is simple and easily testable. We have backups for all data from our customers, not just for critical systems.
SynoInt ensure that systems, applications, network components and other computing devices are protected from malicious activity by implementing the appropriate controls such as anti-virus, firewalls, and intrusion prevention systems.
All data is stored in the Virtual Private Cloud (VPC) in “Amazon”. All data in the databases is encrypted. Access to this data is only available via secure VPN connection or via encrypted connection using our web applications.
All computers in the office are setup to automatically receive updates. Updates for servers are provided by “Amazon”. Minor updates are applied automatically, major updates are applied during planned maintenance windows in a rolling update fashion, avoiding downtimes. Latest security patches are applied to all operating systems, applications, and network infrastructure to mitigate exposure to vulnerabilities.
Penetration Testing: sometimes we plan to use external organizations perform penetration tests.
Software development practices
Our development team employs secure coding techniques and best practices.
Development, testing, and production environments are separated.
All changes are peer reviewed and logged for performance, audit, and forensic purposes prior to deployment into the production environment.
Furthermore, SynoInt developers work with PHP, Symfony, MySQL, etc. also the latest compiler toolset, use manual code review, minimize unsafe function use, eliminate weak cryptography, etc.
SynoInt ensures passwords protection. The main requirements and SynoInt position is:
SynoInt can not disclose the received personal data to third parties except in cases provisioned by the law.
For a variety of data processing operations, SynoInt can use data processors` services. All processors must comply the highest security requirements. All processors are verified and the SynoInt has the right to audit data processors how they implements and keeps requirements of personal data and information security.
Handling of security breaches
The SynoInt is responsible for the confidentiality and security from the moment the personal data is received. Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot always guarantee absolute security. However, in case a threat has been determined or justifiable suspicions arise the SynoInt informs You about such event. Our breach notification procedures are consistent with our obligations under various state and federal laws and regulation, as well as any industry rules or standards that we adhere to.
The SynoInt reserves the right to inform and notify law enforcement authorities about security breaches.
You should note that SynoInt did not have any security breach.
The SynoInt has developed all security and privacy documentation. The main documents are prepared:
Your responsibilities and your rights by this policy
Keeping your data secure also requires that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems.
Also if you are interested in a deeper discussion about our Security Policy or should you have any queries regarding the above policy, please email us at firstname.lastname@example.org or write to UAB Syno International (for data protection) Vilniaus street 35, Vilnius, 01119, Lithuania.
Any changes to this Security Policy will be posted on this website and take effect immediately.
The main and always updated version of this Security Policy is posted on www.synoint.com.
This Policy were last updated on the April 16th, 2018.
This Security Policy is governed by the law of the Republic of Lithuania.
Any dispute, controversy, disagreement or claim arising out of or in connection with the Security Policy, as well as issues of the violation, termination or validity / invalidity hereof shall be settled by mutual negotiations.