1. COLLECTION OF PERSONAL DATA

The purpose of this security policy is to ensure an appropriate level of protection for the personal data of the data subjects, by properly applying the national legislation regarding data protection and confidentiality of communication.

2. PRINCIPLES OF PROCESSING PERSONAL DATA

Legality:

The processing of personal data is carried out in good faith and in accordance with legal provisions;

Purpose limitation:

Any processing of personal data is carried out for well-defined, explicit, and legitimate purposes, adequate, relevant, and not excessive in relation to the purpose for which they are collected and subsequently processed;

Information:

By this notice, individuals are informed that their personal data will be processed;

Storage:

Personal data is not stored for a period longer than necessary to achieve the purposes for which it was collected;

Protection of data subjects:

Personal data will be processed by authorized personnel within the company “Online Broker de Asigurare” SRL or by other authorized persons as per the law.

Security:

Technical and organizational security measures for personal data are established to protect personal data from accidental or unlawful destruction, loss, alteration, disclosure, or unauthorized access (access to user databases is done based on username and password, regulated through roles and access rights). The possibility of altering accessed data is protected through a firewall monitored by “Online Broker de Asigurare” S.R.L., as well as by antivirus solutions updated permanently. Transfers between server clients and administrators or operators are encrypted using a digital certificate, so data cannot be intercepted.

3. PERSONAL DATA PROCESSING POLICY

In accordance with the provisions of LAW No. 133 of 08.07.2011 regarding the protection of personal data, “Sykors Media” is obligated to manage, in safe conditions and only for the purposes presented below, the personal data provided to it.

“Sykors Media” commits to maintaining the confidentiality of personal data provided through the sykors.com website, as required by the provisions of LAW No. 133 of 08.07.2011, with subsequent amendments, regarding personal data protection.

4. REQUIREMENTS FOR ENSURING THE SECURITY OF PERSONAL DATA

The following categories of personal data processing operations present special risks for the rights and freedoms of individuals:
    1) adaptation, modification, disclosure through transmission, dissemination, or in any other way, of personal data related to racial or ethnic origin, political, religious beliefs, political party or religious organization membership, health status, private life, as well as personal data regarding criminal convictions, coercive measures, disciplinary or contravention sanctions;
    2) operations of processing genetic, biometric data, and data allowing geographical location of individuals through electronic communication networks;
    3) operations of processing personal data through electronic means, aimed at evaluating aspects of personality, such as professional competence, credibility, behavior, etc.;
    4) operations of processing personal data through electronic means within tracking systems, aimed at analyzing solvency, economic-financial situation, facts liable to attract disciplinary, contravention, or criminal liability of individuals;
    5) operations of processing personal data of minors for commercial purposes (direct marketing activities);
    6) operations of processing personal data mentioned in subpoints 1) and 2) of this annex, as well as personal data of minors collected through the internet or electronic messaging.

The requirements for ensuring the security of personal data in their processing within personal data information systems (hereinafter - Requirements) aim at establishing the minimum rules for personal data controllers to implement the necessary technical and organizational measures to ensure the security, confidentiality, and integrity of personal data processed within personal data information systems and/or manually kept registers, in accordance with the provisions of Law No. 17-XVI of February 15, 2007, regarding the protection of personal data (Official Journal of the Republic of Moldova, 2007, no. 107-111, art. 468) and Law No. 71-XVI of March 22, 2007, regarding registers (Official Journal of the Republic of Moldova, 2007, no. 70-73, art. 314).

These Requirements create the necessary framework for the application of the Convention for the protection of individuals concerning the automated processing of personal data, concluded in Strasbourg on January 28, 1981, published in European Treaty Series, No. 108, ratified by the Republic of Moldova by Parliament Decision No. 483-XIV of July 2, 1999.

According to Decision No. 1123 of 14.12.2010 regarding the approval of the Requirements for ensuring the security of personal data when processing them in personal data information systems, personal data protection measures represent an integral part of the works for the creation, development, and operation of personal data information systems and will be continuously implemented by all personal data controllers. The protection of personal data in personal data information systems is ensured through a complex of technical and organizational measures to prevent unlawful processing of personal data. The protection measures for personal data processed in personal data information systems are implemented while ensuring the confidentiality of these measures. The implementation of any measures and works using the information resources of the personal data controller is prohibited if appropriate protection measures for personal data are not adopted and implemented.

“Sykors Media” certifies that it meets the minimum requirements for the security of personal data.

According to Decision No. 1123 of 14.12.2010, personal data protection in personal data information systems is ensured for the following purposes:
    1) preventing leaks of information containing personal data through unauthorized access to it;
    2) preventing destruction, modification, copying, unauthorized blocking of personal data in telecommunication networks and information resources;
    3) complying with the legal framework for using information systems and software for processing personal data;
    4) ensuring the completeness, integrity, and accuracy of personal data in telecommunication networks and information resources;
    5) maintaining the ability to manage the process of processing and storing personal data.

The protection of personal data processed in information systems is achieved by the following methods:
    1) preventing unauthorized connections to telecommunication networks and interception of personal data transmitted through these networks using technical means;
    2) excluding unauthorized access to personal data being processed;
    3) preventing special technical and software actions that may cause the destruction, modification of personal data or malfunctions in the operation of technical and software systems;
    4) preventing intentional and/or unintentional actions by internal and/or external users, as well as other employees of the personal data controller, that may cause the destruction, modification of personal data or malfunctions in the technical and software systems.

Access to the premises/offices/rooms or spaces where personal data information systems are located is restricted, and access is only permitted to authorized individuals during working hours, according to the list and appropriate identification signs (badges, identification cards, chip cards). The rooms where personal data information systems are installed are equipped with access control and video surveillance systems to monitor access to these spaces.

During monitoring, real-time surveillance and alarm systems are used to track all cases of authorized and/or unauthorized access. Automated means are used to detect unauthorized access cases and initiate blocking actions. Computers, servers, and other access terminals are placed in highly secure areas with restricted access for unauthorized persons.

Electrical equipment used to maintain the functionality of personal data information systems, as well as electrical cables, are protected from damage and unauthorized connections. In case of emergency, failure, or force majeure, the possibility of disconnecting the electricity supply to personal data information systems is ensured, including the possibility of disconnecting any IT component. Short-term backup power sources are provided to ensure the correct completion of the system session in the event of a disconnection from the main power supply. Fire safety measures are also implemented for the premises/offices/rooms where personal data information systems and personal data processing equipment are located. Automated fire detection/signaling and extinguishing systems are installed in these locations.

Computers, access terminals, and printers are disconnected at the end of working sessions. Personal data processing devices, information containing personal data, or software intended for processing personal data are removed from the security perimeter only with written permission from the management of the personal data controller. The removal and insertion of personal data processing devices into/from the security perimeter are recorded.

Identification and authentication of users of personal data information systems and processes performed on behalf of these users are carried out. All users (including technical support personnel, network administrators, programmers, and database administrators) will have a personal identifier (user ID) that must not reflect the accessibility level of the user. User IDs are confirmed using passwords, special physical access means with memory (tokens), microprocessor cards, biometric authentication means based on unique and individual characteristics of the person.

User identifier management includes:
    1) unique identification of each user;
    2) verification of each user's authenticity;
    3) obtaining authorization from the person responsible for issuing the user ID;
    4) ensuring that the user ID is issued to a specific person;
    5) deactivating the user account after a set period of inactivity (a maximum of 2 months);
    6) executing backups of user IDs.

Information leaving the system, containing personal data, is marked, indicating prescriptions for further processing and dissemination, including specifying the unique identification number of the personal data holder. All methods of remote access to personal data informational systems are secured (using VPN, encryption, etc.), documented, monitored, and controlled. Each method of remote access to personal data informational systems is authorized by the responsible persons of the personal data holders and permitted only to users who need it to fulfill the established objectives.

Wireless access to personal data informational systems is documented, monitored, and controlled. Wireless access to personal data informational systems is allowed only if cryptographic means of information protection are used. The use of wireless technologies is authorized by the responsible persons of the personal data holder.

External users are prevented from accessing the internal network where personal data is processed.

The integrity of personal data transmitted is ensured by using cryptographic protection means.

The confidentiality of transmitted personal data is ensured by using cryptographic protection means.

Protection against harmful software infiltration in the software intended for personal data processing is ensured, a measure that guarantees the automatic and timely renewal of protection against harmful programs and virus signatures. Centralized administration of protection mechanisms against harmful software in software intended for personal data processing is ensured.

The personal data holders regularly verify, at least once a year, the implementation of technical and/or organizational measures taken to detect dysfunctions regarding the use of telecommunications systems in the personal data processing process and/or make improvements if necessary. Security controls are updated every time the personal data holder is reorganized or changes its infrastructure. In order to verify the protection level of personal data informational systems and to prevent possible cases of illicit or accidental access to these informational systems, identifying weak spots in their protection mechanisms, the Center periodically conducts security checks, including implementing special technical measures to simulate a model of accessing personal data informational systems. The results of the controls carried out by the Center are immediately provided to the personal data holder, whose personal data informational systems were subject to the check, with instructions, if necessary, on the actions that need to be taken to ensure personal data processing security.

5. PURPOSE OF COLLECTING PERSONAL DATA

“Sykors Media” processes personal data of its clients and other persons who are in contact with it or provide personal data through browsing the sykors.com website, for the purpose of issuing and delivering the insurance policies purchased.

Personal data (identity data, address, personal identification number, phone number, age, or any other similar data provided) may be processed and used by “Sykors Media” both for the purpose of issuing and delivering the insurance policies ordered on the company's website, as well as for creating databases and using them in future efforts and activities of the operator, in accordance with the provisions of Law no. 133 from 08.07.2011 for the protection of individuals regarding personal data processing.

“Sykors Media” will not disclose any of your data (personal or optional information) to a third party without your consent, unless we are convinced in good faith that the law requires it or if this is necessary to protect the rights or property of our company.

6. SECURITY AUDIT IN INFORMATIONAL SYSTEMS OF PERSONAL DATA

“Sykors Media” organizes the generation of security audit records in personal data informational systems for the following events:

    1) the recording of user login/logout attempts in the system (recording the date and time of the login/logout attempt; user ID; the result of the login/logout attempt – positive or negative);
    2) the recording of attempts to gain access to applications and processes intended for personal data processing;
    3) the recording of start/stop attempts of working sessions of applications and processes intended for personal data processing, recording changes in user access rights, and object access status;
    4) the recording of changes in user access rights (competencies) and the status of access objects;
    5) the recording of information leaving the system containing personal data (electronic documents, data, etc.), recording changes in subjects' access rights and the status of access objects.

In case of a security audit malfunction in personal data informational systems, or exhaustion of all the memory allocated for storing audit results, the person responsible for personal data security policy is notified, and measures are taken to restore the audit system's operational capacity. Continuous monitoring and analysis of audit logs in personal data informational systems are carried out in order to detect unusual or suspicious activities related to the use of these informational systems, with the preparation of a report on the detection of such activities, stored in electronic computing means, and taking predefined actions in the security policy for such cases.

The results of the security audit in personal data informational systems, which represent personal data processing operations and audit means, are protected against unauthorized access by establishing appropriate security measures, including ensuring their confidentiality and integrity.

To ensure the integrity of information containing personal data and information technologies, the identification, recording, and removal of deficiencies in software intended for personal data processing are ensured, including the installation of corrections and update packages for these software systems. Protection against the infiltration of harmful programs in software intended for personal data processing is ensured, a measure that ensures the automatic and timely renewal of protection against harmful programs and virus signatures. Intrusion detection technologies and tools are used to monitor events in personal data informational systems and detect attacks, including identifying unauthorized use attempts of informational systems.

To restore information containing personal data (for creating backup copies), “Sykors Media” establishes the time interval in which backup copies of personal data and software used for automated personal data processing are made, but in any case, this period is less than one year, and the copies are stored in protected locations outside the area where this information and software are placed. Backup restoration procedures are regularly updated and tested to ensure their effectiveness.

“Sykors Media” regularly checks, at least once a year, the implementation of technical and/or organizational measures taken to detect dysfunctions regarding the use of telecommunications systems in the personal data processing process and/or make improvements if necessary. Security controls are updated every time the holder is reorganized or changes its infrastructure. To verify the protection level of personal data informational systems and to prevent possible cases of illicit or accidental access to these informational systems, detecting weak points in their protection mechanisms, the Center conducts periodic security checks, including implementing special technical measures to simulate a model of accessing personal data informational systems.

7. MANAGEMENT OF INFORMATION SECURITY INCIDENTS AND TECHNICAL PROTECTION OF INFORMATION CONTAINING PERSONAL DATA

Personnel responsible for operating personal data informational systems undergo training, at least once a year, regarding their responsibilities and obligations in managing and responding to security incidents. A mechanism is in place to inform the management of the personal data holder without delay about incidents that breach the security of personal data informational systems. Incident processing includes detection, analysis, prevention of development, removal, and restoration of security. Automated tools are used to support the process of handling security incidents in personal data informational systems. Security incidents in personal data informational systems are monitored and documented on an ongoing basis.

 The uncontrolled presence of persons or vehicles and the accidental installation of antennas are excluded in a zone of at least 15 meters from the location of the primary technical means of the personal data informational system, to ensure the security of personal data processing. Server rooms are protected against leakage of information containing personal data due to electromagnetic emissions through shielding of the rooms or installation of electromagnetic jamming systems, which are designed, built, and tested by specialized enterprises. Unauthorized installation of other electrical, radio, or similar devices in the rooms where personal data processing technical means are located is excluded or limited, to ensure the security of personal data processing. Equipment whose lines exit outside the controlled perimeter is installed at least 3 meters away from the technical means in which personal data is processed.