Purpose
The purpose of this policy is to protect Dstny Analytics data and customer information
Scope
Customer data that is used by systems hosted by Meridix Dstny Analytics cloud solution where their data is uploaded to Meridix Dstny Analytics controlled servers is handled as described below
Policy
- Data from a customer will under no circumstances be shared, sold or used by/to other companies than Meridix Dstny Analytics without the customers written approval.
- Data is stored in a secure way that makes it inaccessible for unauthorized personnel within Meridix within Dstny Analytics as well as for partners to MeridixDstny Analytics.
- Data is always owned by the customer even though it is stored on Meridix on Dstny Analytics controlled servers. Meridix Dstny Analytics will always accept a customers' requests regarding their stored data.
- A customer can always demand Meridix Dstny Analytics to provide access to the data for a customer in the same format as when uploaded. (ex Csv, Xml).
- Meridix Dstny Analytics will delete historic data both from the main backend and from backup locations if a customer requests it.
- Meridix will Dstny Analytics will treat the information as sensitive business information and handle it as such.
- Transfer of data between servers (through WAN connections) will always be done with transport layer security (TLS) techniques approved by customers specific requirements if any.
- Any user information e.g. emails, names will never be displays displayed on any public web pages (for non-authenticated users within a system).
- Any credentials (passwords) will be stored as a one way encrypted (hashed and salted) representation and can never be reverted to a plain text representation by user or administrators (Meridix Dstny Analytics included)
- Meridix Dstny Analytics will always manage data in a safe and ethical manner in every possible aspect.
- We do not collect sensitive information which includes data relating to: race or ethnic origin; political opinions; religious or other similar beliefs; physical or mental health; sexual orientation or criminal record.
- You have the right to request access to the personal information we have about you and request that your personal details are deleted from our systems at any time.
If you have more questions about our security policy you can turn to dataprotectionofficer@meridix.seto dataprotectionofficer@meridix.se
Revision History
Rev | Revision Date | Description/Changes | Responsible |
---|---|---|---|
Draft 1 | 2018-05-23 | Initial Draft | |
Draft 2 | 2020-11-10 | Revised Draft | Operation Team |
Planned Review
Next planned review of the policy will be conducted approximately 12 months from the latest revision.