Information Security Policy
[Last Revised: February 27, 2019]
ryze beyond ltd (“Company”, “we”, “us” or “our”) takes information security seriously and has created this Information Security Policy (“Security Policy”) to provide our users with summary of the security measures and policies we obtain and our practices in safeguarding personal data processed when accessing and browsing our website or otherwise using our services available therein. We have implemented the below technical and organizational measures to protect the personal data processed by us, against loss, unlawful acts, destruction, alteration, unauthorized disclosure or access.
THIS SECURITY POLICY OUTLINES OUR CURRENT SECURITY PRACTICES AS OF THE “LAST REVISED” DATE INDICATED ABOVE. WE WILL KEEP UPDATING THIS SECURITY POLICY FROM TIME TO TIME, AS REQUIRED BY APPLICABLE LAWS AND OUR INTERNAL POLICIES.
System Access Control
Company’s database containing personal data is accessible only by the designated employees. The personal data processed and by Company is stored in Amazon Web Services which enable access solely through personal user authentication. Access to the database is restricted and is based on p rocedures to ensure appropriate approvals are provided solely to the extent required. In addition, remote access to the database and wireless computing capabilities are restricted and require safeguards, including VPN protection or similar security level.
Physical Access Control
The Company secures any and all physical access to its offices. The Amazon Web Services datacenter located in the EU, therefore for more information we recommends that you review Amazon’s security policy available here.
Data Access Control
All access to a database, system or storage is solely with authorization hierarchy and password protection. Further, the access to the personal data is restricted to solely the employees that “need to know” and is protected by passwords and user names. The Company audits any and all access to the database and any unauthorized access is immediately reported and handled.
Organization and Operational Security
The Company educates its employees and service providers, and raises awareness with regards to any processing of personal data. Company’s IT team ensures security of all hardware and software, by installing anti-malware software including firewalls on computers to protect against malicious use and malicious software as well as virus detection on endpoints, etc. It is the responsibility of the individuals across the Company to comply with these practices and standards which they are bound to by the employment agreement.
The purpose of transfer control is to ensure that personal data cannot be read, copied, modified or removed by unauthorized parties during the electronic transmission of these data or during their transport or storage. Further, any and all transfers of the data (either between the servers, from client side to server side and between Company’s designated partners) is secured.
The Company’s servers include an automated backup procedure. Company has ensured all systems are protected by industry best standards of security systems and measures. Our legal team has ensured our legal documentation are updated to reflect any changes and to include the mandatory provisions required by the applicable data protection laws.
Personal data and raw data are all deleted as soon as possible or legally applicable.
Employees, contractors and partners are all signed on binding agreements all of which include applicable data provisions and data security obligations. Employees are bound to comply with internal security policies and procedures and breaking or not complying with such shall result in disciplinary actions. To ensure the employees stay educated and up to date with applicable policies and legislation the Company holds annual compliance training which include data security education.