Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Purpose

The purpose of this policy is to protect Meridix data and customer information

Scope

Customer data that is used by systems hosted by Meridix cloud solution where their data is uploaded to Meridix controlled servers is handled as described below

Policy

  • Data from a customer will under no circumstances be shared, sold or used by/to other companies than Meridix without the customers written approval.
  • Data is stored in a secure way that makes it inaccessible for unauthorized personnel within Meridix as well as for partners to Meridix.
  • Data is always owned by the customer even though it is stored on Meridix controlled servers. Meridix will always accept a customers requests regarding their stored data.
  • A customer can always demand Meridix to provide access to the data for a customer in the same format as when uploaded. (ex Csv, Xml).
  • Meridix will delete historic data both from the main backend and from backup locations if a customer requests it.
  • Meridix will treat the information as sensitive business information and handle it as such.
  • Transfer of data between servers (through WAN connections) will always be done with transport layer security (TLS) techniques approved by customers specific requirements if any.
  • Any user information e.g. emails, names will never be displays on any public web pages (for non authenticated users within a system).
  • Any credentials (passwords) will be stored as a one way encrypted (hashed and salted) representation and can never be reverted to a plain text representation by user or administrators (Meridix included)
  • Meridix will always manage data in a safe and ethical manner in every possible aspect.
  • We do not collect sensitive information which includes data relating to: race or ethnic origin; political opinions; religious or other similar beliefs; physical or mental health; sexual orientation or criminal record.
  • You have the right to request access to the personal information we have about you and request that your personal details are deleted from our systems at any time.
  • If you have more questions about our security policy you can turn to dataprotectionofficer@meridix.seto dataprotectionofficer@meridix.se

Revision History


Rev

Revision Date

Description/Changes

Responsible

Draft 1

2018-05-23

Initial Draft

dataprotectionofficer@meridix.se

Draft 2

2020-09-02

Revised Draft

Meridix Operation Team



Planned Review

Next planned review of the policy will be conducted approximately 12 months from the latest revision.