Data Security Policy

Version: 08 November 2024


The following Data Security Policy outlines the Technical and Organizational Measures (TOM) implemented by Pelt8 ("Provider" or "Contractor") in accordance with the Data Security section in the Data Processing Agreement (DPA).

These measures are undertaken by the Provider to safeguard Personal Data and to fulfill obligations under the existing contract, Article 7 DSG (Article 8 revDSG in conjunction with Article 2 ff. DSV), and, as far as applicable, Article 32 GDPR.

The current version of the Data Processing Agreement is published on the Provider’s Website at https://www.pelt8.com/legal/data-processing-agreement.

TECHNICAL MEASURES

Cybersecurity

Pelt8 implements cybersecurity measures to protect Personal Data from unauthorized access and cyberattacks, including:

  • Development Environments: Access to development environments on Azure and GitHub is secured with two-factor authentication (2FA).

  • Device Security: Company-wide Bitdefender antivirus software is installed on all work devices.

  • Code Approval: Main branch updates on GitHub require code owner approval to maintain code integrity.

  • Regular Software Updates: Regular updates are applied to all software to ensure security.

  • Database Security: Personal Data is stored in a non-public SQL Server database, accessible only with Microsoft Entra authentication.

  • Backend Security: The backend is secured via JSON Web Tokens (JWT) using Microsoft Entra, with 2FA required.


Encryption and Pseudonymisation

In line with GDPR recommendations, Pelt8 uses encryption and pseudonymisation to protect Personal Data:

  • Data Encryption: Databases are encrypted at rest.

  • Data Anonymisation: Personal Data is anonymised within the database to prevent unauthorized identification.


Physical Security

Pelt8 enforces robust physical security measures to control and protect access to offices and buildings, ensuring only authorized personnel can gain entry.


Appropriate Disposal

Pelt8 has secure disposal practices for both physical and digital media containing Personal Data, preventing unauthorized data retrieval, whether intentional or accidental.


Authentication

Pelt8’s information security strategy includes:

  • Two-Factor Authentication (2FA), certificate-based authentication, and HTTPS Encryption for secure data transmission.

  • Enforced password regulations to maintain robust security across systems.


Access Rights

Access to databases containing Personal Data is granted strictly on a "need-to-know" basis, and blanket access for all employees is prohibited.


ORGANIZATIONAL MEASURES

Information Security Policies

Pelt8 maintains Information Security Policies tailored to its operational needs and data processing activities. These policies guide all data security practices.


Business Continuity Plan

Pelt8 has a Business Continuity Plan to ensure that business data, including Personal Data, can be backed up and recovered in the event of an incident, following Azure disaster recovery standards.


Risk Assessments

Regular Risk Assessments are conducted to identify and mitigate any potential security risks associated with Personal Data processing.


Awareness & Training

Pelt8 promotes a culture of security and data protection awareness among employees, providing Regular Training to ensure compliance with all legal and organizational standards.


Reviews & Audits

Pelt8 has established control and audit mechanisms to evaluate the effectiveness of data security measures, with prompt correction of any identified deficiencies.


Due Diligence

Pelt8 exercises Due Diligence in selecting third-party data processors, ensuring they have appropriate Technical and Organizational Measures (TOMs) in place to secure Personal Data. The current List of Sub-Processors engaged by Pelt8 is available at https://www.pelt8.com/legal/list-of-sub-processors.

This Data Security Policy provides a structured overview of the security measures implemented by Pelt8 to protect Personal Data.
