This Security Policy was last modified on May 17, 2018
Introduction
SimilarTech Ltd. and SimilarTech Inc. ("SimilarTech" or "Company" or "we") are committed to providing
transparency regarding the security measures implemented in order to secure and protect
Personal Data (as defined under the EU General Data Protection Regulation (Regulation 2016/679)
("GDPR")) processed by the Company for the purpose of providing its services as detailed in the
Company's Privacy Policy available at: www.similartech.com/privacy.
This information security policy ("Security Policy") outlines the security measures
deployed by the Company as of the "Last Updated" date indicated above. We will keep
updating this Security Policy from time to time, as required by applicable laws and our internal
policies. Definitions herein shall have the meaning as set forth under the GDPR or in our Privacy
Policy.
As part of our GDPR compliance process, we have implemented technical, organizational and monitoring
protections, and established an extensive information and cyber security program, all with
regard to Personal Data processed by the Company.
SimilarTech obligates its employees and partners to review the Security Policy and comply with it at
all times.
System Access Control
Access to all data processing systems is solely via the Company's user authentication systems. Only specific personnel have access to the systems. All access to the Company's systems admin network is available solely from the office, over a private dark-fibre link to the data centre. Authentication to each system is through a user-password, unique to each employee or personnel and from a different domain controller dedicated to such environment. Password control and manual, ongoing monitoring are applied to all system access. SimilarTech has implemented extreme measures to ensure the Personal Data is protected.
Data Access Control
Access to the Personal Data is restricted solely to the employees who are required to receive access. Employees are educated and tested with regard to the security of the Personal Data. The database is accessible solely to database administrators and senior developers.
Physical Access Control
SimilarTech ensures the protection of physical access to the data servers which store the Personal Data. SimilarTech works exclusively with Amazon as its main cloud storage to host the Personal Data (for additional information regarding Amazon's Security see here). Further, SimilarTech secures physical access to its offices to ensure that solely authorized individuals, such as employees and authorized external parties (maintenance staff, visitors, etc.), can access the Company's offices.
Transfer Control
The goal of transfer control is to ensure that Personal Data cannot be read, copied, modified or removed by unauthorized parties during the electronic transmission of data or during its transport in motion to the applicable data center. The Business Partner's data is not transferred anywhere other than the Company's database. Backups are sent offsite through a private link. Transmission of data during backups is encrypted.
Availability Control and Purpose Control
The Company's servers include an automated backup procedure. The Company has a backup concept which includes automated daily backups. Periodic checks are performed to determine that the backups have occurred.
Data Retention
Personal Data as well as raw data are deleted as soon as possible or as soon as legally required.
Job Control
Employees and data processors have all signed applicable and binding agreements, all of which
include applicable data provisions and data security obligations. Further, as part of the employment
process, employees undergo a screening process applicable per regional law. Employees are bound to
follow the Company's policies and procedures, and violations shall result in disciplinary actions up
to and including termination of employment. An employee will not gain access to the Personal Data
until the Company has trust that the employee is well educated and responsible to handle the
Personal Data, if needed, in a secure manner. In addition, the Company holds annual compliance
training which includes data security education.
The Company has ensured all documents, including without limitation agreements, privacy policies,
online terms, etc., are compliant with the GDPR. Our Legal team is busy ensuring our legal
documentation is updated to reflect any changes and to include the mandatory provisions required by
the GDPR.
THE INFORMATION SECURITY, LEGAL, PRIVACY AND COMPLIANCE DEPARTMENTS WORK TO IDENTIFY REGIONAL LAWS
AND REGULATIONS APPLICABLE TO COMPANY'S COMPLIANCE. THEREFORE, THIS SECURITY POLICY MAY BE UPDATED FROM
TIME TO TIME, ACCORDING TO ANY APPLICABLE LEGISLATION OR INTERNAL POLICIES.
DISCLAIMER: THIS WEBSITE IS NOT LEGAL ADVICE FOR YOUR COMPANY TO USE IN COMPLYING WITH EU DATA
PRIVACY LAWS LIKE THE GDPR. INSTEAD, IT PROVIDES BACKGROUND INFORMATION TO HELP YOU BETTER
UNDERSTAND HOW WE, AT SIMILARTECH, HAVE ADDRESSED SOME IMPORTANT LEGAL POINTS. THIS LEGAL
INFORMATION IS NOT THE SAME AS LEGAL ADVICE, WHERE AN ATTORNEY APPLIES THE LAW TO YOUR SPECIFIC
CIRCUMSTANCES, SO WE INSIST THAT YOU CONSULT AN ATTORNEY IF YOU'D LIKE ADVICE ON YOUR INTERPRETATION
OF THIS INFORMATION OR ITS ACCURACY. YOU MAY NOT RELY ON THIS PAPER AS LEGAL ADVICE, NOR AS A
RECOMMENDATION OF ANY PARTICULAR LEGAL UNDERSTANDING.